Time
1 hour 12 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
You guessed it. It's time for another quiz, folks, and this one's on the last video, building baselines.
00:06
So again we'll do three questions. I'll count to three and you'll see the answer. I hope you try to answer it yourself, and you know it's a good way to just engage and make sure that you're understanding all the concepts.
00:19
Our first question: what is the sixth domain of the Mobile App Security Verification Standard? That's the sixth domain.
00:28
One,
00:29
two,
00:30
three.
00:33
If you answered environmental interaction requirements, that's correct. Again, that's just one of the eight. You know there are eight domains total, and that sixth domain really covers a lot of issues like IPC issues and a ton of others. And really again, if you're looking at these domains,
00:49
none of them are more important than one another. They all go together. They're like puzzles, they're like a bridge where all those pieces come together and,
00:56
you know, together they make a strong appsec program.
01:00
For the next question:
01:03
What are the categories
01:03
in the mobile appsec model?
01:07
One,
01:08
two, three.
01:12
So in general, the categories are L1, L2 and R, but what I really want you to think of is there's L1, there's L2,
01:21
L1 plus R, L2 plus R. So if you did L1, L2, R, that's technically correct, but really, you have to think of it as there are four different categories your app can fall in, and those are the way you should be thinking about it when you're trying to kind of get into this, modeling the risk of your mobile app, threat modeling it.
01:41
And for this last question, what category would a hospital communication app fall under in the mobile appsec model?
01:49
One,
01:51
two,
01:52
three.
01:56
All right, so if you were paying attention during our modeling discussion of using that mobile appsec model, applying certain types of apps to it, you would have probably thought to yourself, well, this app handles really sensitive data because it's a hospital app, and then you would have thought, well, it's a communication app, so it does have a lot of interesting scenarios that it could be used in.
02:15
So what it really comes down to, what's interesting
02:19
from a testing point of view, is not only having defense in depth, because we want to make sure that we're applying, you know, security practices that are gonna be in line with compliance and other regulatory bodies. But we want reverse engineering resilience because this is a communication app. This could be a messaging app, you know, an app that really has
02:38
some
02:39
interesting things that go into using it. So if you did follow along with those and you kind of made sense of them, great. And, you know, if you didn't get this one, it's okay. You keep practicing, think about the apps that you're using on a day-to-day basis and try to think: what's the threat model of this app? How is it applied to the enterprise that's actually making it?
02:58
I hope this quiz was useful and I hope to see you in the next video. Thank you.

Up Next

Mobile App Security

In this course, you’ll learn how to crawl, walk, then run in mobile app security testing, with an end goal of having all the tools and knowledge necessary to become a mobile appsec expert.

Instructed By

Tony Ramirez
Senior Application Security Analyst
Instructor