Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MASWE-0006] Add Sensitive Data Stored Unencrypted in Private Storage Locations #2566

Merged
merged 56 commits into from
Jul 10, 2024
Merged

[MASWE-0006] Add Sensitive Data Stored Unencrypted in Private Storage Locations #2566

merged 56 commits into from
Jul 10, 2024

Conversation

thomascannon
Copy link
Collaborator

Closes #2544

@thomascannon thomascannon mentioned this pull request Feb 21, 2024
Closed
@thomascannon thomascannon changed the title Add Risk and Test for: Data Unencrypted Internal Add Risk and Test - Sensitive Data Stored Unencrypted in Internal Locations [data-unencrypted-internal] Feb 21, 2024
@cpholguera
Copy link
Collaborator

Thanks a lot @thomascannon, I'll give it a proper review as soon as I can.

@serek8 thanks for starting a first review. You and Thomas made very good points there. We need to think about it.

cpholguera
cpholguera requested changes Mar 15, 2024
View reviewed changes
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
thomascannon and others added 6 commits April 2, 2024 12:02
@thomascannon @cpholguera
Update risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unenc…
a29fb63 
…rypted-internal/risk.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unenc…
c4ebaf2 
…rypted-internal/risk.md


Add refs

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Fix typo in title
ed8f910 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon
Adding link to a technique from test.md
df64230
@thomascannon
Update observation and evaluation in test.md
c398e90
@thomascannon
Update risk.md to remove "further documentation" as they are now in t…
bb794de 
…he refs section
cpholguera
cpholguera requested changes May 1, 2024
View reviewed changes
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
@cpholguera cpholguera changed the title Add Risk and Test - Sensitive Data Stored Unencrypted in Internal Locations [data-unencrypted-internal] Add Risk and Test - Sensitive Data Stored Unencrypted in Private Storage Locations [data-unencrypted-private-storage] May 1, 2024
thomascannon and others added 7 commits May 7, 2024 13:37
@thomascannon @cpholguera
Updating test.md with Carlos' suggestions
ea50af4 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update Internal -> Private Storage
8585fc9 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update Internal -> Private Storage
9782a76 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update with new term Private Storage
cb57040 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update to relative directory path
0a76eb1 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update test.md Overview with Carlos' suggestion
f1a713c 
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update test.md links with relative paths and add a test step to take …
22d79f5 
…a before-snapshot

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon thomascannon changed the base branch from master to universalEditButton2 July 9, 2024 14:26
@thomascannon thomascannon changed the base branch from universalEditButton2 to master July 9, 2024 14:26
cpholguera
cpholguera requested changes Jul 10, 2024
View reviewed changes
...ORAGE/1-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...ORAGE/1-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
...-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/demo-1/demo.md Outdated Show resolved Hide resolved
...-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/demo-1/demo.md Outdated Show resolved Hide resolved
weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypted-private-storage/weakness.md Outdated Show resolved Hide resolved
...re-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/demo-1/MastgTest.kt Outdated Show resolved Hide resolved
...-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/demo-1/demo.md Outdated Show resolved Hide resolved
...-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/demo-1/demo.md Outdated Show resolved Hide resolved
...ORAGE/1-secure-data-storage/data-unencrypted-private-storage/android-data-in-sandbox/test.md Outdated Show resolved Hide resolved
weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypted-private-storage/weakness.md Outdated Show resolved Hide resolved
thomascannon and others added 10 commits July 10, 2024 13:00
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
8aaf961 
…d-private-storage/android-data-in-sandbox/test.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
d8021ac 
…d-private-storage/android-data-in-sandbox/demo-1/demo.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
018cee3 
…d-private-storage/weakness.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
701dd45 
…d-private-storage/android-data-in-sandbox/demo-1/MastgTest.kt

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
4914a0f 
…d-private-storage/weakness.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
6e501fb 
…d-private-storage/android-data-in-sandbox/test.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
35fadaa 
…d-private-storage/android-data-in-sandbox/demo-1/demo.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon @cpholguera
Update weaknesses/MASVS-STORAGE/1-secure-data-storage/data-unencrypte…
d639c54 
…d-private-storage/android-data-in-sandbox/demo-1/demo.md

Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
@thomascannon
Merge branch 'OWASP:master' into thomascannon/issue2544
832b66c
@thomascannon
Rename files and move to new flat structure
3fb0799
cpholguera
cpholguera approved these changes Jul 10, 2024
View reviewed changes
Copy link
Collaborator

@cpholguera cpholguera left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot @thomascannon, great job!

@cpholguera cpholguera merged commit a66ea6e into OWASP:master Jul 10, 2024
3 checks passed
@thomascannon thomascannon deleted the thomascannon/issue2544 branch July 10, 2024 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@serek8 serek8 serek8 left review comments

@ZabGo ZabGo ZabGo left review comments

@cpholguera cpholguera cpholguera approved these changes

Assignees

@thomascannon thomascannon

Labels
MASWE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[MASWE-0006] Sensitive Data Stored Unencrypted in Private Storage Locations
4 participants
@thomascannon @cpholguera @serek8 @ZabGo