These are SCP coding practices used during Cornucopia threat modeling sessions that we could add here.
Memory Management
SCP [201] Avoid the use of known vulnerable functions (e.g., printf, strcat, strcpy etc.)
SCP [198] is referred to in C2.
Communication Security
SCP [143] Implement encryption for the transmission of all sensitive information. This should include TLS for protecting the connection and may be supplemented by discrete encryption of sensitive files or non-HTTP based connections
SCP [143] is referred to in CR4 and CR6.
SCP [144] TLS certificates should be valid and have the correct domain name, not be expired, and be installed with intermediate certificates when required
SCP [144] is referred to in CR7.
SCP [145] Failed TLS connections should not fall back to an insecure connection
SCP [145] is referred to in CR5 and CR7.
SCP [146] Utilize TLS connections for all content requiring authenticated access and for all other sensitive information
SCP [146] is referred to in CR6 and AT3.
SCP [147] Utilize TLS for connections to external systems that involve sensitive information or functions
SCP [147] is referred to in CR6.
SCP [148] Utilize a single standard TLS implementation that is configured appropriately
SCP [148] is referred to in CR7.
Suggestion:
3. Encrypting Data in Transit
- Utilize TLS connections for all connectivity between a client and external-facing, HTTP-based services
- Ensure the TLS connections do not fall back to insecure or unencrypted communication
- Utilize a single standard TLS implementation with (preferably the latest) secure version of TLS
- Ensure the TLS connections are configured appropriately to validate certificates received before communicating and to check revocation status
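As an added illustration (not part of this issue, of Cornucopia or of the SCP text), the Go program below exercises SCP [144], [145] and [148] and the suggested "Encrypting Data in Transit" wording with Go's crypto/tls: one shared client configuration with a TLS 1.2 floor and certificate plus host-name validation, run against an in-process server over net.Pipe so nothing touches the network. The host name api.example.internal, the self-signed certificate and the "legacy" TLS 1.1 server are constructed for the demo. Revocation checking from the suggestion is not shown: crypto/tls does not fetch CRLs or check OCSP by itself, so that step has to be added separately (for example in a VerifyPeerCertificate callback or at a proxy).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// hardenedClientConfig is the single client configuration the service shares
// (SCP 148): TLS 1.2 floor, chain validation against an explicit trust store and
// host name checking. InsecureSkipVerify is deliberately left at its false default.
func hardenedClientConfig(roots *x509.CertPool, serverName string) *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: roots, ServerName: serverName}
}

// selfSignedCert mints a one-hour certificate for host (a constructed name) so the
// handshake can be exercised in-process; the returned pool trusts only that cert.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool
}

// handshake runs one client/server handshake over an in-memory pipe and returns
// the client's verdict. net.Pipe is unbuffered, so a side that stops reading (a
// client that has just rejected the certificate) would block its peer forever;
// the deadlines turn that into a timeout instead of a hang.
func handshake(server, client *tls.Config) error {
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	deadline := time.Now().Add(time.Second)
	_ = srvConn.SetDeadline(deadline)
	_ = cliConn.SetDeadline(deadline)
	srvErr := make(chan error, 1)
	go func() { srvErr <- tls.Server(srvConn, server).Handshake() }()
	err := tls.Client(cliConn, client).Handshake()
	<-srvErr // drain the server side; only the client's decision is reported
	return err
}

// runScenarios pits hardened and insecure clients against a modern and a legacy
// server and reports, per scenario, whether the client accepted the connection.
func runScenarios() map[string]bool {
	const host = "api.example.internal" // constructed for this example
	cert, roots := selfSignedCert(host)
	// Session tickets are off so the server's first flight ends with Finished and
	// the unbuffered pipe drains cleanly; it is not a security setting here.
	modern := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12, SessionTicketsDisabled: true}
	// A server stuck on TLS 1.1: the hardened client must refuse rather than fall back (SCP 145).
	legacy := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS10, MaxVersion: tls.VersionTLS11, SessionTicketsDisabled: true}
	// The weak setting SCP 144 rules out: no chain or host name validation at all.
	insecure := &tls.Config{InsecureSkipVerify: true, ServerName: "other.example.internal"}
	cases := map[string]struct{ server, client *tls.Config }{
		"hardened/valid cert":            {modern, hardenedClientConfig(roots, host)},
		"hardened/wrong host name":       {modern, hardenedClientConfig(roots, "other.example.internal")},
		"hardened/untrusted issuer":      {modern, hardenedClientConfig(x509.NewCertPool(), host)},
		"hardened/legacy TLS 1.1 server": {legacy, hardenedClientConfig(roots, host)},
		"insecure/wrong host name":       {modern, insecure},
	}
	results := make(map[string]bool, len(cases))
	for name, tc := range cases {
		results[name] = handshake(tc.server, tc.client) == nil
	}
	return results
}

func main() {
	for name, accepted := range runScenarios() {
		fmt.Printf("%-32s accepted=%v\n", name, accepted)
	}
}
```

Run with `go run`: only the valid-certificate scenario and the InsecureSkipVerify client report accepted=true. The second of those is the point of SCP [144] and [145]: with verification switched off a certificate for the wrong host name is accepted silently, which is why the shared configuration never exposes that knob.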
SCP [150] Filter parameters containing sensitive information from the HTTP referer, when linking to external sites
SCP [150] is referred to in VE7 and AT3.
Suggestion: Set a referrer policy to prevent leakage of sensitive data to third-party services via the 'Referer' HTTP request header field. This can be done using the Referrer-Policy HTTP response header field or via HTML element attributes
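The two mechanisms named in the suggestion, as an added Go example that is not part of this issue or of the Cornucopia project: a handler wrapper that sets the Referrer-Policy response header site-wide, and an html/template snippet for the element-level attributes on a single outbound link. The request URL https://app.example/account/reset?token=5f3a9c and the partner link are constructed; the request is served in-process with net/http/httptest, so no socket is opened.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// withReferrerPolicy stamps a Referrer-Policy on every response. With
// "strict-origin-when-cross-origin" the browser sends only the origin to other
// sites and nothing at all on an https -> http downgrade, so the path and query
// string (reset tokens, account identifiers) never reach a third party.
// "no-referrer" suppresses the Referer header completely.
func withReferrerPolicy(policy string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Referrer-Policy", policy)
		next.ServeHTTP(w, r)
	})
}

// externalLink is the element-level alternative for one outbound link:
// referrerpolicy="no-referrer" overrides the document policy for that anchor,
// and rel="noreferrer" covers browsers without referrerpolicy support (it also
// implies noopener, kept explicit here for readability).
var externalLink = template.Must(template.New("a").Parse(
	`<a href="{{.Href}}" rel="noopener noreferrer" referrerpolicy="no-referrer">{{.Text}}</a>`))

// renderExternalLink returns the anchor markup; html/template escapes href and
// text according to their context, so untrusted link text cannot break out.
func renderExternalLink(href, text string) (string, error) {
	var b strings.Builder
	err := externalLink.Execute(&b, struct{ Href, Text string }{href, text})
	return b.String(), err
}

// responseHeaders serves one request to h in-process (no listening socket) and
// returns the response headers so the policy can be inspected offline.
func responseHeaders(h http.Handler, target string) http.Header {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Result().Header
}

func main() {
	page := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		link, _ := renderExternalLink("https://partner.example/help", "Partner help")
		fmt.Fprintf(w, "<p>Reset link sent. See %s</p>", link)
	})
	h := withReferrerPolicy("strict-origin-when-cross-origin", page)
	// Constructed page URL that carries a secret in its query string.
	hdr := responseHeaders(h, "https://app.example/account/reset?token=5f3a9c")
	fmt.Println("Referrer-Policy:", hdr.Get("Referrer-Policy"))
	a, _ := renderExternalLink("https://partner.example/", "Partner <docs>")
	fmt.Println(a)
}
```

The header is the broad control and belongs in whatever middleware already sets the other security headers; the per-element attributes are for the case where a page legitimately needs a looser site-wide policy but one particular link must not carry the current URL.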
References:
ASVS 12.2.1: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x21-V12-Secure-Communication.md#v122-https-communication-with-external-facing-services
ASVS 3.4.5: https://github.com/OWASP/ASVS/blob/master/5.0/en/0x12-V3-Web-Frontend-Security.md#v34-browser-security-mechanism-headers
Others:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referer
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Referrer-Policy
https://www.w3schools.com/tags/att_link_referrerpolicy.asp