ToolStation - Internal Docs
Disaster Management

App Problem & Vulnerability Management

Problem Management

  1. We Receive Problem Report
  2. Root Cause Analysis
    • Analyze reported problems, crash logs, and analytics data to identify the root cause. This might involve reproducing the issue on test devices or using debugging tools.
  3. Workarounds and Solutions
    • Develop temporary workarounds to mitigate the problem's impact while working on a permanent fix.
    • Implement a permanent solution by fixing bugs in the app code or addressing server-side issues.
  4. Knowledge Base and Communication
    • Create a knowledge base to document identified problems, root causes, resolutions, and workarounds.
    • Communicate fixes and updates to users through app store releases, changelogs, or in-app notifications.
  • Additional Tips
    • Prioritization: Prioritize problems based on severity and impact on users. Critical issues affecting core functionalities should be addressed first.
    • Version Control: Maintain good version control practices to track code changes and rollback if necessary.
    • Testing: Rigorous testing throughout the development process helps prevent problems from reaching users.

Vulnerability Management

References

This version is for App Vulnerability Management but it by default inherits the https://toolstation-support.atlassian.net/wiki/spaces/IT/pages/309690372 by IT Operations guide</a>

Vulnerability management is crucial for securing your mobile app and protecting user data.

  1. Identification
    • Static Application Security Testing (SAST): Analyze your app's code to identify potential vulnerabilities like insecure coding practices, injection flaws, or buffer overflows.
    • Dynamic Application Security Testing (DAST): Simulate real-world attacks to discover vulnerabilities in the app's functionality and APIs.
    • Mobile Threat Defense (MTD) Tools: Continuously monitor your app for suspicious activity that might indicate vulnerabilities being exploited.
    • Penetration Testing: High-Level Defence Hire ethical hackers to simulate real attacks and identify vulnerabilities that automated tools might miss.
  2. Prioritization:
    • Not all vulnerabilities are equal. Prioritize them based on severity (critical, high, medium, low) and exploitability (likelihood of being attacked). Factors like potential impact on user data, privacy, and functionality are considered.
  3. Remediation:
    • Fix the identified vulnerabilities in the app code. This might involve patching security holes, implementing more secure coding practices, or updating libraries with known vulnerability fixes.
    • Regularly update third-party libraries and frameworks used in your app to benefit from their security patches.
  4. Reporting and Communication:
    • Maintain a record of identified vulnerabilities, their severity, and the implemented fixes.
    • Communicate vulnerabilities and remediation plans to relevant stakeholders, including developers, security teams, and product managers.
  • Additional Considerations:
    • Secure Coding Practices: Train developers on secure coding practices to minimize vulnerabilities from the beginning.
    • Secure Development Lifecycle (SDL): Integrate vulnerability management throughout the app development lifecycle, from design to deployment.
    • Security Reviews: Be prepared to address vulnerabilities identified during (app store) security reviews

App Incident Management

Service Level Agreements

Copyright © 2026