Introducing Enno Wallet Threat Model for Mobile Apps

Enno Security
Enno Wallet & Enno Cash
Sep 21, 2021

As the Enno Wallet Security Team, we are proud to publish the Threat Model v1.0 of our Architecture!

We have embraced security as a way of life since the first day we started developing our wallet, and as a team we have followed many best practices to integrate it into every stage of our software development process. Publishing our Threat Model is a result of that work.

Threat Modeling is a structured methodology that is frequently used in the field of security. The objective is to map the architecture and the processes of the software, including the complex ones, and to identify its security requirements, threats, and potential vulnerabilities. In addition, the threats and weaknesses that may occur are prioritized, the security measures/controls to be applied for them are determined, and these are then added to the diagram.

At Enno Wallet, we structure the Threat Model using the STRIDE method, one of the widely used methods, together with the Threat Modeling Manifesto and OWASP.

Beyond using the best methodologies and applying our security measures, we also take into account all the security incidents and known weaknesses that blockchain, cryptocurrency exchange, and crypto wallet products have experienced so far.

Threat Model

Enno Wallet Threat Model GitHub repository

Let’s get back to our Threat Model if you are ready!

Things to know:

Elements in Threat Model

The Threat Model consists of three main elements:

  1. Assets (What do we have and where and how are these stored?)
  2. Security Controls (What security measures/controls do we implement?)
  3. Threat Agents (What kind of threats do we expect and where?)

Enno Wallet iOS Mobile App Threat Model v1.0

Downloads:

Download as a PDF

Send PR on GitHub for Threat Model

Enno Wallet Android Mobile App Threat Model v1.0

Downloads:

Download as a PDF

Send PR on GitHub for Threat Model

Our Threat Model will be kept up to date as our architecture and applications change, and the details of the changes will be published with each new version. This Threat Model will also provide a basis for the Security Audit that we are planning to have performed on our iOS and Android applications very soon.

What is next for new versions of the Enno Wallet Threat Model and Public Security repo?

Apart from periodical updates:

  1. Creating and publishing an Attack Tree
  2. Creating and publishing a Threat Traceability Matrix
  3. Explaining the implemented security measures/mitigations in detail, step by step
  4. Mapping the reports produced by the bug bounty, and any vulnerabilities found in the future, to the threat model, OWASP MASVS, and SANS Top 25
  5. Publishing the DDD (Detailed Design Document) and SDD (Security Design Document)

You can follow our public security repository on GitHub here.

Serhan W. Bahar
Chief Information Security Officer
