do I get a sense of the quality of the product and wh...
Where in the product have I detected or imagined vulnerability?
After 90 minute Survey
Validity of the algorithm
It's complicated - how can that have been tested well?
how easy would this be to test?
Is it third-party software (open source?)
Interaction with other systems
It didn't seem to work with website
what about email?
and the other groups?
How does it interact if you register with Facebook?
does it have plugins
Traditional Area of potential vulnerability
Also coupled with database - can lead to db crash?
As I toured I thought about what possible vulnerabilities
for import - importing from a different password system - that may cause problems
Password character length
How can I make it go negative?
accepts negative numbers
allows you to create excessively long password that's not accepted by other systems
Test Password Expiration
Time typically has bugs in it because it's used in different ways that people imagine
What if when you repeat the password differently it's fine with that?
fails to ensure the password is correct by being entered twice
allows copy and paste of 2nd password so user may enter incorrect password twice
data not properly encrypted
database easily corrupted
can't backup database and passwords
database fields have no boundary limits
no recourse if you are not admin
no proper feedback if you are not admin
different operating systems
fails to install
requires additional software without giving prior notice
What's the limit for passwords? How many can I enter before it fails to accept any more?
what if I export the contents onto a different computer with less memory and hardware and it fails to allow me to import?
What have I heard about the product that suggests vulnerability
Andrei mentioned he had used it once and it was sluggish
Mac requires additional software
After reading the specification what vulnerabilities are suggested to me?
After releasing what vulnerabilities are detected?
Vulnerability Idea Source
What makes me trust the product?
Good Version Control
It's got requirements (a certain sense of rigour?)
It's got help documents
What Makes me doubt the product?
It's hard to test
My knowledge of an existing product that is slick
What Andrei said about the product on Mac
Do I trust this product?
I suspect I trust the algorithm
It seems complex
I would imagine it's hard to break
No proof of this
Don't trust the security
Was able to paste my password into a word doc
what other things are insecure?
Don't trust the reliability
This is the biggie for me, I don't want to lose all my passwords
It's not well thought out from a system perspective
what other things are not well thought out?
Performed 90 minutes survey testing
Imagine all the things that could go wrong
My data is corrupted
Too large a password generated?
Username too long for database?
URL too long for database?
password generation corrupts my data
dummy .key file corrupts the system
My data is stolen
You can find an easy way to access my passwords if my laptop is stolen
It becomes too hard to use with other products
Hard to use on websites, email systems and networking products
It's too difficult to use
the interface is too unfamiliar
It's not easily portable
iPad, iPhone? (non-USB)
I download it onto a USB but can't use it on Apple products as there is no USB
What do I know about other similar products that help me identify vulnerability?
Cross Platform Integration
From My experience of a similar product
what if I move to an iPad? How do I login then?
what if I'm on my iPhone, how do I login?