New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Risk and Test - Sensitive Data Stored Unencrypted in Private Storage Locations [data-unencrypted-private-storage] #2566
base: master
Are you sure you want to change the base?
Conversation
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
Thanks a lot @thomascannon, I'll give it a proper review as soon as I can. @serek8 thanks for starting a first review. You and Thomas made very good points there. We need to think about it. |
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
## Mitigations | ||
|
||
- Avoid storing sensitive data locally at all. | ||
- Use the platform's hardware-backed keystore solution to store the key used for encryption. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should we offer more options to the users as it's detailed here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Which ones would you recommend? The main ones aside from keystore it mentions storing it server side which I probably wouldn't recommend in most cases and key derived from user input which could be good if the UX is acceptable (e.g. for a password manager).
We could just reference this whole section which raises another question about this process....should we just be duplicating (and updating) the current published mitigation advice but inside these risks? Or should we reference out to existing advice?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Flagged this to be discussed next week in the call. I think these are supposed to be moved to mitigations documents per the guide but the existing examples don't do that (yet). Also whether we should absorb the info from that link to the MASTG, reference it, or supersede it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Per the call, for more specific and detailed recommended mitigations we should put them in their own mitigation files and link to them, and keep the high level / generic mitigations here. I'll work on splitting those out and creating mitigation documents based on the additional options @ZabGo linked above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @thomascannon and @ZabGo. The mitigations dir is here: https://github.com/OWASP/owasp-mastg/tree/master/mitigations
Keep in mind that ideally we'd like to make these mitigations as generic as possible so that they can be reused. Also note that the mitigations may also be platform-specific.
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
## Mitigations | ||
|
||
- Avoid storing sensitive data locally at all. | ||
- Use the platform's hardware-backed keystore solution to store the key used for encryption. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @thomascannon and @ZabGo. The mitigations dir is here: https://github.com/OWASP/owasp-mastg/tree/master/mitigations
Keep in mind that ideally we'd like to make these mitigations as generic as possible so that they can be reused. Also note that the mitigations may also be platform-specific.
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
…rypted-internal/risk.md Co-authored-by: Carlos Holguera <[email protected]>
…rypted-internal/risk.md Add refs Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please also change the directory name to data-unencrypted-private-storage
risks/MASVS-STORAGE/1-store-sensitive-data-securely/data-unencrypted-internal/risk.md
Outdated
Show resolved
Hide resolved
@@ -0,0 +1,30 @@ | |||
--- | |||
platform: android | |||
title: Sensitive Data Written to Private Data Directory (Sandbox) Unencrypted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
title: Sensitive Data Written to Private Data Directory (Sandbox) Unencrypted | |
title: Data Stored in the App Sandbox at Runtime |
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
...GE/1-store-sensitive-data-securely/data-unencrypted-internal/android-data-in-sandbox/test.md
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please create an demo directory demo-1/
with an demo.md and the rest of the required files? (see here, and the guidelines)
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
Co-authored-by: Carlos Holguera <[email protected]>
…a before-snapshot Co-authored-by: Carlos Holguera <[email protected]>
…rypted-internal/risk.md Co-authored-by: Carlos Holguera <[email protected]>
Closes #2544