New Risk - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]
#2545 · Open · 4 tasks · cpholguera opened this issue Feb 5, 2024 · 2 comments · May be fixed by #2594
Create a new risk for "Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction (MASVS-STORAGE-1)" using the following information:
Sensitive data may be stored in external locations (e.g. external storage, public folders, etc.) without encryption and may be accessible to other apps.
Create "risks/MASVS-STORAGE/1-***-****/data-unencrypted-shared-storage-no-user-interaction/risk.md" including the following content:
---
title: Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction
alias: data-unencrypted-shared-storage-no-user-interaction
platform: [android]
profiles: [L1, L2]
mappings:
  masvs-v1: [MSTG-STORAGE-2]
  masvs-v2: [MASVS-STORAGE-1]
  mastg-v1: [MASTG-TEST-0052, MASTG-TEST-0001]
---
## Overview

## Impact

## Modes of Introduction

## Mitigations
When creating the corresponding tests, use the following areas to guide you:
- in scoped storage (external storage, Android)
- in external storage (public folders e.g. SD card, Photos, Downloads, Caches, etc.)
- in external caches
- in app-crafted backups
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
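As an added example (not part of the issue or of the MASTG project's own code), here is a static check a tester could start from for the areas listed above: it flags Android external-storage API references in Java/Kotlin source and groups them by area. The API-to-area grouping and the sample source are assumptions constructed for this example.

```python
import re

# The API-to-area grouping is an assumption of this example; area names follow
# the issue's list. "App-crafted backups" has no single API and is not covered.
AREA_PATTERNS = [
    ("external storage (public folders)", re.compile(
        r"\b(getExternalStorageDirectory|getExternalStoragePublicDirectory)\s*\(")),
    ("scoped storage", re.compile(
        r"\b(getExternalFilesDirs?|getExternalMediaDirs)\s*\(|\bMediaStore\.")),
    ("external caches", re.compile(
        r"\b(getExternalCacheDirs?\s*\(|externalCacheDirs?\b)")),
]

def _blank_comments(source):
    """Overwrite // and /* */ comments with spaces so line numbers stay stable."""
    def blank(match):
        return re.sub(r"[^\n]", " ", match.group(0))
    return re.sub(r"/\*.*?\*/|//[^\n]*", blank, source, flags=re.S)

def find_external_storage_use(source):
    """Return (line_number, area, api) for each external-storage API reference."""
    findings = []
    for line_no, line in enumerate(_blank_comments(source).splitlines(), start=1):
        for area, pattern in AREA_PATTERNS:
            for match in pattern.finditer(line):
                findings.append((line_no, area, match.group(0).rstrip(" (.\t")))
    return findings

# Constructed Kotlin sample: two writes outside internal storage, one inside it.
SAMPLE = '''\
class Exporter(private val ctx: Context) {
    // old: Environment.getExternalStorageDirectory()
    fun export(token: String) {
        val dir = Environment.getExternalStoragePublicDirectory(Environment.DIRECTORY_DOWNLOADS)
        File(dir, "session.txt").writeText(token)
        File(ctx.externalCacheDir, "profile.json").writeText(token)
        File(ctx.filesDir, "settings.json").writeText(token)
    }
}
'''

if __name__ == "__main__":
    for line_no, area, api in find_external_storage_use(SAMPLE):
        print(f"line {line_no}: {api} -> review for unencrypted data in {area}")
```

A hit only shows where data can leave the app's private storage; whether what is written there is sensitive and unencrypted still has to be confirmed by reviewing the call site or inspecting the files at runtime.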
cpholguera changed the title from "New Risk - Sensitive Data Stored Unencrypted in External Locations [data-unencrypted-external]" to "New Risk - Sensitive Data Stored Unencrypted in Shared Storage Requiring No User Interaction [data-unencrypted-shared-storage-no-user-interaction]" on May 18, 2024
To complete the sections follow the guidelines from Writing MASTG Risks & Tests
Acceptance Criteria
risks/MASVS-STORAGE/1-***-****/data-unencrypted-external/risk.md