Content
- Fixed potential encoding bugs related to non-ASCII strings for some libraries (CS-Default, Hydras-AWS-Foundation, AWS-Lambda, HIPAA, and iot-security-compliance-framework).
- Some risk-patterns were refactored and mitigation factors updated for OWASP MASVS, HIPAA, PCI-DSS and EU GDPR libraries.
- The threat (from the IoT library) "EU-GDPR-ILLEGAL-PROCESSING-PERSONAL-DATA" with the name "Illegal processing of personal data" has been changed to the following data:
  - ref: IOT-ILLEGAL-PROCESSING-PERSONAL-DATA
  - name: Illegal processing of personal data from IoT systems
- In the OWASP MASVS library, the risk pattern “MOBILE-CLIENT:SENS-DATA” was joined with the other sensitive-data components, and we created four risk patterns:
  - [MOBILE-CLIENT:SENS-DATA-PROCESSED] Mobile Client: Sensitive data processed
  - [MOBILE-CLIENT:SENS-DATA-RECEIVED] Mobile Client: Sensitive data received
  - [MOBILE-CLIENT:SENS-DATA-SENT] Mobile Client: Sensitive data sent
  - [MOBILE-CLIENT:SENS-DATA-STORED] Mobile Client: Sensitive data stored
- Note: The other risk patterns were removed:
  - MOBILE-CLIENT:SENS-DATA
  - MOBILE-CLIENT:SENS-DATA-TRANSMIT
  - MOBILE-CLIENT:SENS-DATA-RECEIVED
  - MOBILE-CLIENT:SENS-DATA-STORAGE