When creating the corresponding tests, use the following areas to guide you:
hardcoded keys used at runtime
MASTG v1 Refactoring:
If the risk has a MASVS v1 ID, you can use it to search for related tests in the MASTG and use them as input to define your risks and associated tests.
Hi @cpholguera,
Can you explain a bit more about test-cases derived from this risk and what the term "hardcoded keys used at runtime" means here?
We came up with two possible conclusions here: the first could be the detection of API tokens and secrets hardcoded in the code, and the second could be the detection of keys of the cryptographic algorithm.
Thanks,
Description
Create a new risk for "Hardcoded Cryptographic Keys in Use (MASVS-CRYPTO-2)" using the following information:
One thing is to include hardcoded keys in the code, another is to use them.
Create "risks/MASVS-CRYPTO/2-***-****/hardcoded-crypto-keys-usage/risk.md" including the following content:
To complete the sections follow the guidelines from Writing MASTG Risks & Tests
Use at least the following references:
Acceptance Criteria
risks/MASVS-CRYPTO/2-***-****/hardcoded-crypto-keys-usage/risk.md