Security Testing and Rider Privacy
Security testing for this project is based on threat models that describe how potential attackers may try to interrupt the application and its functions. We will consider all types of attacks and build security testing experiments throughout the development of the SmartSAT app. The security team will develop an up-to-date threat model, conduct static analysis and a dependency check, set up a monthly SAST scan, and configure a regularly scheduled dynamic scan. We will adopt different state-of-the-art assessment models and standards and conduct intrusive and non-intrusive security tests. We will use an agile, test-driven approach to ensure the app's modules are thoroughly tested at each stage of development.
In every testing model, the following steps are involved:
(1) Security testing goals will be identified from specific security targets derived from security goals (e.g., Confidentiality, Integrity and Availability: CIA), threat models (e.g., the Microsoft STRIDE threat model), or specific testing tools.
(2) Test cases will be generated, executed, and verified as to whether they pass or fail.
(3) After each test, security goals will be reevaluated. Cycles will be repeated until goals are met.
(4) We aim to eliminate all known vulnerabilities and have all test cases pass against their expected goals.
Rider Data Protection and Authentication