mirror of
https://github.com/corona-warn-app/cwa-documentation
synced 2024-11-29 12:44:27 +01:00
Merge branch 'master' into SabineLoss-patch-1
commit
d03bd1b76c
@ -15,7 +15,7 @@ Risks and threats identified during the conducted workshops are listed below. Pl
|
|||||||
- [PostgreSQL SQL injection](#threat-postgresql-sql-injection)
|
- [PostgreSQL SQL injection](#threat-postgresql-sql-injection)
|
||||||
- [Code injection flaws](#threat-code-injection-flaws)
|
- [Code injection flaws](#threat-code-injection-flaws)
|
||||||
- [Security misconfiguration](#threat-security-misconfiguration)
|
- [Security misconfiguration](#threat-security-misconfiguration)
|
||||||
- [Privacy issues through wrong choice of technology](#threat-wrong-choice-of-technology)
|
- [Wrong choice of technology](#threat-wrong-choice-of-technology)
|
||||||
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
||||||
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
||||||
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
||||||
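Review bot: the relabelled `#threat-wrong-choice-of-technology` entry in this list should be checked against every other place the threat is named, because the file repeats it in several risk lists and at the anchor's own definition. The link target is identical on both sides, so navigation keeps working, but the visible text can drift. Before merging, search the whole document for "Privacy issues through wrong choice of technology" and "Wrong choice of technology" and confirm only one wording remains, including in lists this diff does not show.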
@ -27,7 +27,7 @@ Risks and threats identified during the conducted workshops are listed below. Pl
|
|||||||
- [Insecure design](#threat-insecure-design)
|
- [Insecure design](#threat-insecure-design)
|
||||||
- [Insecure programming](#threat-insecure-programming)
|
- [Insecure programming](#threat-insecure-programming)
|
||||||
- [Security misconfiguration](#threat-security-misconfiguration)
|
- [Security misconfiguration](#threat-security-misconfiguration)
|
||||||
- [Privacy issues through wrong choice of technology](#threat-wrong-choice-of-technology)
|
- [Wrong choice of technology](#threat-wrong-choice-of-technology)
|
||||||
- [Identity disclosure through metadata correlation](#threat-identity-disclosure-meta-data-correlation)
|
- [Identity disclosure through metadata correlation](#threat-identity-disclosure-meta-data-correlation)
|
||||||
- <a name="risk-social-network-disclosure">Social network disclosure</a>
|
- <a name="risk-social-network-disclosure">Social network disclosure</a>
|
||||||
- Related threats
|
- Related threats
|
||||||
@ -40,7 +40,7 @@ Risks and threats identified during the conducted workshops are listed below. Pl
|
|||||||
- [Code injection flaws](#threat-code-injection-flaws)
|
- [Code injection flaws](#threat-code-injection-flaws)
|
||||||
- [Transaction hijacking](#threat-transaction-hijacking)
|
- [Transaction hijacking](#threat-transaction-hijacking)
|
||||||
- [Security misconfiguration](#threat-security-misconfiguration)
|
- [Security misconfiguration](#threat-security-misconfiguration)
|
||||||
- [Privacy issues through wrong choice of technology](#threat-wrong-choice-of-technology)
|
- [Wrong choice of technology](#threat-wrong-choice-of-technology)
|
||||||
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
||||||
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
||||||
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
||||||
@ -55,7 +55,7 @@ Risks and threats identified during the conducted workshops are listed below. Pl
|
|||||||
- [Code injection flaws](#threat-code-injection-flaws)
|
- [Code injection flaws](#threat-code-injection-flaws)
|
||||||
- [Transaction hijacking](#threat-transaction-hijacking)
|
- [Transaction hijacking](#threat-transaction-hijacking)
|
||||||
- [Security misconfiguration](#threat-security-misconfiguration)
|
- [Security misconfiguration](#threat-security-misconfiguration)
|
||||||
- [Privacy issues through wrong choice of technology](#threat-wrong-choice-of-technology)
|
- [Wrong choice of technology](#threat-wrong-choice-of-technology)
|
||||||
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
- [Spoofing of mobile application](#threat-spoofing-of-mobile-application)
|
||||||
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
- [Misbehavior of mobile application due to backup and/or restore of phone and/or mobile application](#threat-misbehavior-of-mobile-application-backup-restore)
|
||||||
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
- [Information leakage of unprotected phone and/or mobile application](#threat-information-leakage-unprotected-phone)
|
||||||
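Review bot: the threat list in this hunk is, in the visible context, line for line the same as the list in the hunk at line 40 (Code injection flaws, Transaction hijacking, Security misconfiguration, the technology-choice entry, Spoofing of mobile application, and so on), so the same one-line label edit had to be applied to both by hand. Copies like this tend to diverge over time. Consider letting one risk refer to the other's related threats, or add a short remark next to both lists that they are meant to stay identical so a future edit touches both.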
@ -138,7 +138,7 @@ Risks and threats identified during the conducted workshops are listed below. Pl
|
|||||||
- Distributed denial-of-service countermeasures
|
- Distributed denial-of-service countermeasures
|
||||||
- Use of mutual TLS v1.3 for server to server communication
|
- Use of mutual TLS v1.3 for server to server communication
|
||||||
#### Tracing Only
|
#### Tracing Only
|
||||||
- <a name="threat-wrong-choice-of-technology">Privacy issues through wrong choice of technology</a>
|
- <a name="threat-wrong-choice-of-technology">Wrong choice of technology</a>
|
||||||
- Proposed controls
|
- Proposed controls
|
||||||
- App-specific notification mechanism
|
- App-specific notification mechanism
|
||||||
- Minimal logging
|
- Minimal logging
|
||||||
|
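Review bot: on the `<a name="threat-wrong-choice-of-technology">` line under "Tracing Only", the title on the right-hand side reads "Wrong choice of technology", yet the proposed controls visible directly below it (app-specific notification mechanism, minimal logging) are privacy controls. With the privacy qualifier gone from the title, a reader no longer sees why these controls answer this threat. Either keep the qualifier in the title or make sure the threat's description states the privacy impact. Leaving the `name` value unchanged is the right call, since the links in the risk lists depend on it.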