-
-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[MASWE-0007] Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction #2545
Comments
Shouldn't
be part of #2542 (Sensitive Data Not Excluded From Backup)? |
4 tasks
cpholguera
changed the title
New Risk - Sensitive Data Stored Unencrypted in External Locations [data-unencrypted-external]
New Risk - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]
May 18, 2024
cpholguera
changed the title
New Risk - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]
New Weakness - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]
Jul 3, 2024
cpholguera
changed the title
New Weakness - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]
[MASWE-0007] Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction
Jul 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Create a new risk for "Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction (MASVS-STORAGE-1)" using the following information:
Sensitive data may be stored in external locations (e.g. external storage, public folders, etc.) without encryption and may be accessible to other apps.
Create "
risks/MASVS-STORAGE/1-***-****/data-unencrypted-shared-storage-no-user-interaction/risk.md
" including the following content:To complete the sections follow the guidelines from Writing MASTG Risks & Tests
When creating the corresponding tests, use the following areas to guide you:
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Acceptance Criteria
risks/MASVS-STORAGE/1-***-****/data-unencrypted-external/risk.md
)The text was updated successfully, but these errors were encountered: