Fix wrong overview text in ISTG-DES
See #12
rockhoppersec committed Jun 1, 2024
1 parent a6de525 commit befaaa1
Showing 1 changed file with 9 additions and 7 deletions.
16 changes: 9 additions & 7 deletions src/03_test_cases/data_exchange_services/README.md
Expand Up @@ -30,15 +30,17 @@

## Overview

This section includes test cases and categories for the component memory. Similar to the processing unit, the memory is a device-internal element that can only be accessed with *PA-4*. Establishing a direct connection to the memory might require specific hardware equipment (e.g., a debugging board or test probes).
This section includes test cases and categories for the component data exchange service. Based on its implementation and intended use, a data exchange service might be accessible with all physical access levels.

In regards to test case categories that are relevant for memory, the following were identified:
In regards to test case categories that are relevant for data exchange service, the following were identified:

- **Information Gathering:** Focuses on information that is stored on the memory chip and that might be disclosed to potential attackers if not being properly protected or removed.

- **Secrets:** Focuses on secrets that are stored on the memory chip in an insecure manner.

- **Cryptography:** Focuses on vulnerabilities in the cryptographic implementation.
* **Authorization:** Focuses on vulnerabilities that allow to get unauthorized access to the data exchange process or to elevate privileges in order to access restricted functionalities.
* **Information Gathering:** Focuses on information that is handled by the data exchange service and that might be disclosed to potential attackers if not being properly protected or removed.
* **Conguration and Patch Management:** Focuses on vulnerabilities and issues in the configuration of a data exchange service and its software components.
* **Secrets:** Focuses on secrets that are handled by the data exchange service in an insecure manner.
* **Cryptography:** Focuses on vulnerabilities in the cryptographic implementation.
* **Business Logic:** Focuses on vulnerabilities in the implementation of the data exchange service.
* **Input Validation:** Focuses on vulnerabilities regarding the validation and processing of input from untrustworthy sources.



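Review bot: The added bullet "**Conguration and Patch Management:**" misspells the category name; it should read "Configuration and Patch Management". Two smaller wording points in the same added lines: "relevant for data exchange service" is missing an article (for example "relevant for the data exchange service"), and "vulnerabilities that allow to get unauthorized access" in the Authorization bullet would read better as "vulnerabilities that allow an attacker to gain unauthorized access". The new list also switches from the `-` markers with blank lines between items used by the removed list to `*` markers without them, so it is worth confirming that this matches the list style the other component overviews use.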
