Please enable JavaScript.

Coggle requires JavaScript to display documents.

Food Truck Catalogue: Security - Coggle Diagram

- - - - Strengths
        
        Provides all necessary data, no extraneous data
        
        Fast
      - Weaknesses
        
        JSON data format only, no XML
- - - - API is public facing and does not require authentication, meaning that all data stored in the solution is already public. This means that there is no incentive for an attacker to compromise the app, since the data is already publicly available
    - - Data is pulled from the API every time the app loads, meaning that it is always up-to-date and any errors which may have occurred in the program's memory will be overwritten
      - While it is possible that the data could still be compromised by a man-in-the-middle (MITM) attack, due to the relatively not-sensitive nature of the data there is no incentive for this attack to be performed. The largest impact of a MITM attack would be the user being presented with falsified data, which has potential flow-on effects, such as them being directed to a hostile website instead of a food truck's, but BCC does not provide any way of validating the data returned from its API, meaning that a MITM attack is almost impossible to detect, and thus impossible to protect against.
    - - Since the data is pulled from an API, its availability is mostly dependent on the integrity of the server. However, attacks such as distributed denial of service (DDOS) attacks from third parties could still impact the availability of the data for the user. Cacheing as much data as possible would help to ensure this by minimising the number of authentic requests.
  - - - Users are never asked to identify themselves, keeping them entirely anonymous.
    - - APP 3 states that an organisation must collect only data which is relevant to their business, and that the user must consent to this. The app does not require any user data to function, and therefore must not solicit any data from users, sensitive or otherwise.
    - - The app does not collect any data, and the user is informed of this by a message stating "We do not collect your data" on each truck's detail view.
- - - - SwiftUI