Add Risk and Test - Sensitive Data Stored Unencrypted in Private Storage Locations [data-unencrypted-private-storage] #2566
Conversation
thomascannon
changed the title
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
|
Thanks a lot @thomascannon, I'll give it a proper review as soon as I can. @serek8 thanks for starting a first review. You and Thomas made very good points there. We need to think about it. |
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
| ## Mitigations | ||
|
|
||
| - Avoid storing sensitive data locally at all. | ||
| - Use the platform's hardware-backed keystore solution to store the key used for encryption. |
There was a problem hiding this comment.
Should we offer more options to the users as it's detailed here?
There was a problem hiding this comment.
Which ones would you recommend? The main ones aside from keystore it mentions storing it server side which I probably wouldn't recommend in most cases and key derived from user input which could be good if the UX is acceptable (e.g. for a password manager).
We could just reference this whole section which raises another question about this process....should we just be duplicating (and updating) the current published mitigation advice but inside these risks? Or should we reference out to existing advice?
There was a problem hiding this comment.
Flagged this to be discussed next week in the call. I think these are supposed to be moved to mitigations documents per the guide but the existing examples don't do that (yet). Also whether we should absorb the info from that link to the MASTG, reference it, or supersede it.
There was a problem hiding this comment.
Per the call, for more specific and detailed recommended mitigations we should put them in their own mitigation files and link to them, and keep the high level / generic mitigations here. I'll work on splitting those out and creating mitigation documents based on the additional options @ZabGo linked above.
There was a problem hiding this comment.
Thanks @thomascannon and @ZabGo. The mitigations dir is here: https://github.com/OWASP/owasp-mastg/tree/master/mitigations
Keep in mind that ideally we'd like to make these mitigations as generic as possible so that they can be reused. Also note that the mitigations may also be platform-specific.
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
| ## Mitigations | ||
|
|
||
| - Avoid storing sensitive data locally at all. | ||
| - Use the platform's hardware-backed keystore solution to store the key used for encryption. |
There was a problem hiding this comment.
Thanks @thomascannon and @ZabGo. The mitigations dir is here: https://github.com/OWASP/owasp-mastg/tree/master/mitigations
Keep in mind that ideally we'd like to make these mitigations as generic as possible so that they can be reused. Also note that the mitigations may also be platform-specific.
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
…rypted-internal/risk.md Co-authored-by: Carlos Holguera <[email protected]>
…rypted-internal/risk.md Add refs Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
please also change the directory name to data-unencrypted-private-storage
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
| @@ -0,0 +1,30 @@ | |||
| --- | |||
| platform: android | |||
| title: Sensitive Data Written to Private Data Directory (Sandbox) Unencrypted | |||
There was a problem hiding this comment.
| title: Sensitive Data Written to Private Data Directory (Sandbox) Unencrypted | |
| title: Data Stored in the App Sandbox at Runtime |
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Could you please create an demo directory demo-1/ with an demo.md and the rest of the required files? (see here, and the guidelines)
cpholguera
changed the title
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
…a before-snapshot Co-authored-by: Carlos Holguera <[email protected]>
…rypted-internal/risk.md Co-authored-by: Carlos Holguera <[email protected]>
Closes #2544