2021 End-of-the-Year Security Recap

Enno Security
Enno Wallet & Enno Cash
3 min readDec 24, 2021

--

2021 has been an inspiring year for DeFi applications, just like it has been for the Enno Wallet team and users. We are proud to share with you the recap of our security practices in 2021, which has been a great year full of improvements!

  1. Enno Wallet Threat Model v1.1 Released for iOS and Android!

Thanks to its Banxa integration, buying cryptocurrencies with your credit card on Enno Wallet is now a piece of cake! After the Banxa integration, the security team of Enno Wallet updated and released the Threat Model. For more details, please go to our GitHub address.

Enno Wallet iOS Mobile App Threat Model v1.1
Enno Wallet Android Mobile App Threat Model v1.1

2. Enno Wallet Attack Tree v1.0 Released!

Attack trees are conceptual diagrams showing how an asset or target might be attacked. Outlining in Attack Tree v1.0 what kind of attacks the cyber attackers might go for, our security team has already started working to show which defense mechanisms we have to fight these attacks. All of our defense mechanisms will be added into the Attack Tree in v1.1, the next version, for our beloved users to see. For more details, please go to our GitHub address.

Enno Wallet Mobile App Attack Tree v1.0

3. Enno Wallet Threat Traceability Matrix v1.0 Released!

A threat traceability matrix is an excellent structure for presenting threat analysis and the results of the security audits. Based on v1.1 of our Threat Model, we are proud to launch Matrix v1.0. In this model, you can see which threat agents have an impact on which assets and use which methods. You can also see the extent of this impact and which attack surfaces these agents work on. Besides, the model shows which mitigation techniques we use to prevent them. For more details, please go to our GitHub address.

Enno Wallet Threat Traceability Matrix v1.0

What Awaits Us In 2022 In Terms of Security?

  1. Publishing security audit proposals and being audited by one of the best audit companies in the market
  2. Explaining security measures/mitigations implemented in detail.
  3. Launching the Bug Bounty Program
  4. Publishing DDD (detailed design document) and SDD (security design document)

Serhan W. Bahar
Chief Information Security Officer

--

--