
Project Name QuickWorker Mobile App

Last Updated 12 Dec 19


Risk Register

Risk 001: Team Availability
  Risk Description / Impact: Competing resources when implementing a multi-department project can jeopardize mobile program success.
  Date Identified: 12 Nov 19
  Risk Category / Sub-Category: Resources / Staff
  Status: Closed
  Owner: Project Manager
  Risk Rating: High
  Possible Mitigation: Ensure personnel have clear directives and are fully committed to the project before it gets underway.
  Date Closed: 13 Dec 19
  Developer Comments: (none)

Risk 002: Requirement Clarification
  Risk Description / Impact: Translation of business requirements into software requirements (high level).
  Date Identified: 2 Nov 19
  Risk Category / Sub-Category: Requirement / Completeness
  Status: Closed
  Owner: Project Manager
  Risk Rating: High
  Possible Mitigation: Ensure Dreamsnap understood the expectations set for the Quickworker app by Mr. Kiran.
  Date Closed: 12/11/2019
  Developer Comments: (none)

Risk 004: Insecure data storage
  Risk Description / Impact: A common practice among developers is to depend on client-side storage for data. Client storage is not a sandboxed environment in which breaches are impossible: if an adversary obtains the device, this data can easily be accessed, manipulated and used. This can result in identity theft, reputation damage and violation of external policy.
  Date Identified: (not recorded)
  Risk Category / Sub-Category: Security \ Encryption / Encryption
  Status: Closed
  Owner: Project Manager
  Risk Rating: Low
  Possible Mitigation: Additional layer of encryption.
  Date Closed: (not recorded)
  Developer Comments: Data encryption is not necessary.

Risk 005: Poor authorization & authentication
  Risk Description / Impact: Poor or missing authentication allows an adversary to operate the mobile app, or the backend server of the mobile app, anonymously.
  Date Identified: (not recorded)
  Risk Category / Sub-Category: Application Security / Security
  Status: Closed
  Owner: Project Manager
  Risk Rating: Low
  Possible Mitigation: Enable online-mode-only login authentication for user login to prevent unauthorized access.
  Date Closed: (not recorded)
  Developer Comments: We are using OTP for login, so user authentication will be secured.

Risk 006: Improper session handling
  Risk Description / Impact: Improper session handling refers to the continuation of a previous session for a long period even after the user has switched away from the application.
  Date Identified: (not recorded)
  Risk Category / Sub-Category: Session Management / Session Management
  Status: Closed
  Owner: Project Manager
  Risk Rating: Low
  Possible Mitigation: Configure session timeout to 5 mins.
  Date Closed: (not recorded)
  Developer Comments: Default session timeout is 24 minutes.

Risk 007: Security
  Risk Description / Impact: Developers generally use hidden fields, values or functionality to distinguish between higher- and lower-level users. An attacker might intercept the calls and tamper with such sensitive parameters. Weak implementation of such hidden functionality leads to improper app behavior, resulting in higher-level permissions being granted to an attacker.
  Date Identified: (not recorded)
  Risk Category / Sub-Category: Security / Security
  Status: Closed
  Owner: Project Manager
  Risk Rating: High
  Possible Mitigation: Ensure the mobile application maintains communication between clients and servers using an inter-process communication (IPC) mechanism.
  Date Closed: (not recorded)
  Developer Comments: We are receiving the input data with PHP, MySQL filters, so the input data will be secured. Online payment security will be handled by the payment gateway provider.

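As an added illustration (not QuickWorker or Dreamsnap code) of the server-side handling that risks 006 and 007 call for: the session store, the 5-minute idle timeout from the 006 mitigation, and the two request handlers below are all hypothetical; the register itself contains no code.

```python
# Illustrative example, not the project's code. Sessions expire after an idle
# timeout (5 minutes, per the risk 006 mitigation; the page says the default was
# 24 minutes) and the user's privilege level is taken from the server-side session
# record, never from a hidden field the client can edit (risk 007).
import time

IDLE_TIMEOUT_SECONDS = 5 * 60

# Constructed in-memory session store: session id -> record. A real deployment
# would back this with a database or cache and mint ids from a CSPRNG.
SESSIONS = {}

def create_session(session_id, user, role, now=None):
    """Record a freshly authenticated session (e.g. after the OTP login succeeds)."""
    now = time.time() if now is None else now
    SESSIONS[session_id] = {"user": user, "role": role, "last_seen": now}

def get_session(session_id, now=None):
    """Return the session record, or None if it is unknown or has been idle too long."""
    now = time.time() if now is None else now
    rec = SESSIONS.get(session_id)
    if rec is None:
        return None
    if now - rec["last_seen"] > IDLE_TIMEOUT_SECONDS:
        SESSIONS.pop(session_id, None)   # expired: destroy it server-side
        return None
    rec["last_seen"] = now               # sliding idle timeout
    return rec

def delete_user_vulnerable(request):
    """Risk 007 pattern: privilege decided by a hidden 'role' field in the request body."""
    if request["form"].get("role") == "admin":   # any client can set this value
        return "deleted"
    return "forbidden"

def delete_user_hardened(request, now=None):
    """Authorization derived from the server-side session; request fields are ignored."""
    session = get_session(request["cookies"].get("sid"), now)
    if session is None:
        return "login_required"          # risk 006: missing or expired session
    if session["role"] != "admin":       # risk 007: role comes from the server record
        return "forbidden"
    return "deleted"
```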