
DE01 Data Flow Sniffing - condition needs improvement

Open colesmj opened this issue 7 years ago • 1 comment

```python
"DE01": {
    "description": "Data Flow Sniffing",
    "source": (Process, Element, Datastore),
    "target": Dataflow,
    "condition": "target.protocol == 'HTTP' and target.isEncrypted is False",
},
```

In this threat, it checks to see if the protocol is HTTP and if the channel is unencrypted. A user by error may set the protocol but not the flag, or vice versa, unless there is code somewhere which makes the connection automatically. Instead, it may be best to make this an OR condition - either http or unencrypted will trigger the threat.

colesmj avatar Oct 21 '18 15:10 colesmj

Can you check this issue is still valid? The condition now is: `not target.isEncrypted or (target.source.inScope and not target.isResponse and (not target.authenticatesDestination or not target.checksDestinationRevocation))`

nineinchnick avatar Oct 04 '20 11:10 nineinchnick
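To make the AND-versus-OR point from the original report and the revised condition from the follow-up concrete, here is an added example (not pytm's own code) that evaluates the three DE01 condition strings quoted in this thread against constructed dataflows. The `Element` and `Dataflow` classes are minimal stand-ins with the attribute names the conditions reference, not the library's classes, and the sample flows are constructed for this example.

```python
from dataclasses import dataclass, field


@dataclass
class Element:
    """Constructed stand-in for a pytm source element (only inScope is needed)."""
    inScope: bool = True


@dataclass
class Dataflow:
    """Constructed stand-in for a pytm Dataflow; defaults mirror an unconfigured flow."""
    protocol: str = ""
    isEncrypted: bool = False
    isResponse: bool = False
    authenticatesDestination: bool = False
    checksDestinationRevocation: bool = False
    source: Element = field(default_factory=Element)


# The three versions of the DE01 condition discussed in the thread.
CONDITIONS = {
    "original_and": "target.protocol == 'HTTP' and target.isEncrypted is False",
    "proposed_or": "target.protocol == 'HTTP' or target.isEncrypted is False",
    "current": ("not target.isEncrypted or (target.source.inScope and not target.isResponse"
                " and (not target.authenticatesDestination"
                " or not target.checksDestinationRevocation))"),
}


def matches(condition: str, target: Dataflow) -> bool:
    """Evaluate a rule-library condition string with only `target` in scope and no
    builtins; the strings are trusted rule definitions, never user input."""
    return bool(eval(condition, {"__builtins__": {}}, {"target": target}))


def evaluate(target: Dataflow) -> dict:
    """Report which version of DE01 fires for one dataflow."""
    return {name: matches(cond, target) for name, cond in CONDITIONS.items()}


# Constructed cases. The first is the modelling error the issue describes:
# protocol named as HTTPS but the isEncrypted flag left at its default.
HTTPS_FLAG_FORGOTTEN = Dataflow(protocol="HTTPS")
PLAIN_HTTP = Dataflow(protocol="HTTP")
TLS_AUTHENTICATED = Dataflow(protocol="HTTPS", isEncrypted=True,
                             authenticatesDestination=True, checksDestinationRevocation=True)
TLS_NO_REVOCATION = Dataflow(protocol="HTTPS", isEncrypted=True, authenticatesDestination=True)

if __name__ == "__main__":
    for label in ("HTTPS_FLAG_FORGOTTEN", "PLAIN_HTTP", "TLS_AUTHENTICATED", "TLS_NO_REVOCATION"):
        print(f"{label:22} {evaluate(globals()[label])}")
```

The AND form misses the forgotten-flag case entirely, the OR form and the current condition both catch it, and the current condition additionally flags an encrypted flow whose destination revocation status is never checked.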

Reviewing to clean up issues, and it seems this one has changed. Yes, DE01 seems "better" now, but DE03, which may be a duplicate threat, needs work. Will raise a separate PR for that issue.

colesmj avatar Jun 25 '23 14:06 colesmj