MindMap Gallery KeePass Risk

KeePass Risk

This is the mind map about the KeePass risk, it's about vulnerability, preconceptions and so on.

Edited at 2020-10-08 02:31:47

Fiona_

KeePass Risk

Fiona_

Recommended to you
Outline

1984 - George Orwell
- 7.8k
- 33
- 7
Lisa Anderson
How to Learn Things Effectively
- 4.3k
- 40
- 9
Fiona_
Building a StoryBrand - Clarify Your Message So Customers Will Listen
- 1.4k
- 15
Second Hand Poet
EVERYTHING IS FIGUREOUTABLE
- 2.0k
- 23
- 3
Second Hand Poet
Flip the Script - Getting People to Think Your Idea is Their Idea
- 1.5k
- 17
- 1
Second Hand Poet
HOW TO BE A CAPITALIST WITHOUT ANY CAPITAL
- 413
- 6
- 1
Second Hand Poet
FREE TO FOCUS - A Total Productivity System to Achieve More by Doing Less
- 1.4k
- 43
- 11
Second Hand Poet
INDISTRACTABLE - How to Control Your Attention and Choose Your Life
- 644
- 16
- 8
Second Hand Poet
LEADERSHIFT - The 11 Essential Changes Every Leader Must Embrace
- 874
- 12
- 2
Second Hand Poet
NINE LIES ABOUT WORK - A Freethinking Leader's Guide to the Real World
- 801
- 18
- 2
Second Hand Poet

KeePass Risk

A vulnerability is a possible location of a bug. There's no evidence to suggest a bug exists, but based on experience, knowledge of the system, discussion with colleagues, use of oracles, its an indicator of where bugs may lie. Its not a coverage map, though I could see the vulnerability map being used in conjunction with the product map. How does this tie in with a risk list? A risk list is also a list of possible vulnerabilities but its only based on investigation of the product. Vulnerabilities are broader than that as they include conversations, looking at support and reading documentation (though a risk list could come from that too I g uess)

Where in the product have I detected or imagined vulnerability?

Validity of the algorithm

It's complicated - how can that have been tested well?

how easy would this be to test?

Is it third party software (opensource?)

Interaction with other systems

It didn't seem to work with website

what about email?

Networks?

and the other groups?

Subtopic 1

How does it interact if you register with facebook?

does it have plugins

Input Fields

Traditional Area of potential vulnerability

Also coupled with database - can lead to db crash?

Importing

As I toured I thought about what possible vulnerabilities

for import - importing from a different password system - that may cause problems

large files

different configurations

Password character length

How can I make it go negative?

accepts negative numbers

allows you to create excessively long password that's not accepted by other systems

Test Password Expiration

Time typically has bugs in it becaused its used in different ways that people imagine

Password Repeat

What if when you repeat the password differently its fine with that?

fails to ensure the password is correct by being entered twice

allows copy and paste of 2nd password so user may enter incorrect password twice

Database Vulnerabilities

data not properly encrypted

database easily corrupted

can't backup database and passwords

database fields have no boundary limits

Installation

admin rights?

no recourse if you are not admin

no proper feedback if you are not admin

different operating systems

fails to install

requires additional software without giving prior notice

Stress:

What's the limit for passwords? How many can I enter before it fails to accept any more?

what if I export the contents onto a different computer with less memory and hardware and it fails to allow me to import?

What have I heard about the product that suggests vulnerability

Andrei mentioned he had used it once and it was sluggish

Mac requires additional software

Test performance?

After reading the specification what vulnerabilities are suggested to me?

After releasing what vulnerabilities are detected?

Typical Vulnerabilities

Risk List

Bug Taxonomy

Preconceptions

What makes me trust the product?

Good Version Control

Active Site

Its got requirements (a certain sense of rigour?)

Its got help documents

What Makes me doubt the product?

Its opensource

Its hard to test

Its free

Poor Usability

My knowledge of an existing product that is slick

What Andrei said about the product on Mac

unfamiliarity

Do I trust this product?

I suspect I trust the algorithmn

It seems complex

I would imagine its hard to break

No proof of this

Don't trust the security

Was able to paste my password into a word doc

what other things are insecure?

Don't trust the reliability

It crashed

This is the biggie for me, I dont want to lose all my passwords

It's not well thought out from a system perspective

what other things are not well thought out?

Performed 90 minutes survey testing

Imagine all the things that could go wrong

My data is corrupted

Crash

Too large a password generated?

Username to long for database?

url to long for database?

password generation corrupts my data

dummy .key file corrupts the system

My data is stolen

You can find an easy way to access my passwords if my laptop is stolen

temporary files?

.key files?

It becomes too hard to use with other products

Hard to use on websites, email systems and networking products

It's too difficult to use

the interface is too unfamiliar

It's not easily portable

Ipad, Iphone? (non usb)

I download on onto a usb but can't use on apple products as there is no usb

What do I know about other similar products that help me identify vulnerability?

Cross Platform Integration

design issues

what if I move to an ipad? How do I login then?

what if I'm on my iphone, how do I login?