Update INVAL to INPV

src/02_framework/methodology.md

@@ -166,7 +166,7 @@ Another way to expand the catalog is to add custom components, categories and te
             <td>Business Logic</td>
         </tr>
         <tr>
-            <td>IOT-*-INVAL</td>
+            <td>IOT-*-INPV</td>
             <td>Input Validation</td>
         </tr>
         <tr>

src/03_test_cases/data_exchange_services/README.md

@@ -1,32 +1,28 @@
 # 3.4. Data Exchange Services (IOT-DES)
 
 ## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-DES-AUTHZ)](#authorization-iot-des-authz)
-  * [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
-  * [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
-
-* [Information Gathering (IOT-DES-INFO)](#information-gathering-iot-des-info)
-  * [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
-  * [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
-  * [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
-
-* [Configuration and Patch Management (IOT-DES-CONF)](#configuration-and-patch-management-iot-des-conf)
-  * [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
-  * [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
-
-* [Secrets (IOT-DES-SCRT)](#secrets-iot-des-scrt)
-  * [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
-
-* [Cryptography (IOT-DES-CRYPT)](#cryptography-iot-des-crypt)
-  * [Usage of Weak Cryptographic Algorithms  (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
-
-* [Business Logic  (IOT-DES-LOGIC)](#business-logic-iot-des-logic)
-  * [Circumvention of the Intended Business Logic  (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
-
-* [Input Validation (IOT-DES-INVAL)](#input-validation-iot-des-inval)
-  * [Insufficient Input Validation (IOT-DES-INVAL-001)](#insufficient-input-validation-iot-des-inval-001)
-  * [Code or Command Injection (IOT-DES-INVAL-002)](#code-or-command-injection-iot-des-inval-002)
+- [3.4. Data Exchange Services (IOT-DES)](#34-data-exchange-services-iot-des)
+	- [Table of Contents](#table-of-contents)
+	- [Overview](#overview)
+	- [Authorization (IOT-DES-AUTHZ)](#authorization-iot-des-authz)
+		- [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
+		- [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
+	- [Information Gathering (IOT-DES-INFO)](#information-gathering-iot-des-info)
+		- [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
+		- [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
+		- [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
+	- [Configuration and Patch Management (IOT-DES-CONF)](#configuration-and-patch-management-iot-des-conf)
+		- [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
+		- [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
+	- [Secrets (IOT-DES-SCRT)](#secrets-iot-des-scrt)
+		- [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
+	- [Cryptography (IOT-DES-CRYPT)](#cryptography-iot-des-crypt)
+		- [Usage of Weak Cryptographic Algorithms (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
+	- [Business Logic (IOT-DES-LOGIC)](#business-logic-iot-des-logic)
+		- [Circumvention of the Intended Business Logic (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
+	- [Input Validation (IOT-DES-INPV)](#input-validation-iot-des-inpv)
+		- [Insufficient Input Validation (IOT-DES-INPV-001)](#insufficient-input-validation-iot-des-inpv-001)
+		- [Code or Command Injection (IOT-DES-INPV-002)](#code-or-command-injection-iot-des-inpv-002)
 
 
 
@@ -479,11 +475,11 @@ For this test case, data from the following sources was consolidated:
 
 
 
-## Input Validation (IOT-DES-INVAL)
+## Input Validation (IOT-DES-INPV)
 
 In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
 
-### Insufficient Input Validation (IOT-DES-INVAL-001)
+### Insufficient Input Validation (IOT-DES-INPV-001)
 
 **Required Access Levels**
 
@@ -522,7 +518,7 @@ For this test case, data from the following sources was consolidated:
 * ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-### Code or Command Injection (IOT-DES-INVAL-002)
+### Code or Command Injection (IOT-DES-INPV-002)
 
 **Required Access Levels**
 
@@ -543,7 +539,7 @@ If no input validation is performed or only an insufficient input validation mec
 
 **Test Objectives**
 
-- Based on [IOT-DES-INVAL-001](#insufficient-input-validation-iot-des-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-DES-INPV-001](#insufficient-input-validation-iot-des-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
 
 **Remediation**
 

src/03_test_cases/internal_interfaces/README.md

@@ -1,26 +1,28 @@
 # 3.5. Internal Interfaces (IOT-INT)
 
 ## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-INT-AUTHZ)](#authorization-iot-int-authz)
-  * [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
-  * [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
-* [Information Gathering (IOT-INT-INFO)](#information-gathering-iot-int-info)
-  * [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
-  * [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
-  * [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
-* [Configuration and Patch Management (IOT-INT-CONF)](#configuration-and-patch-management-iot-int-conf)
-  * [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
-  * [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
-* [Secrets (IOT-INT-SCRT)](#secrets-iot-int-scrt)
-  * [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
-* [Cryptography (IOT-INT-CRYPT)](#cryptography-iot-int-crypt)
-  * [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
-* [Business Logic (IOT-INT-LOGIC)](#business-logic-iot-int-logic)
-  * [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
-* [Input Validation (IOT-INT-INVAL)](#input-validation-iot-int-inval)
-  * [Insufficient Input Validation (IOT-INT-INVAL-001)](#insufficient-input-validation-iot-int-inval-001)
-  * [Code or Command Injection (IOT-INT-INVAL-002)](#code-or-command-injection-iot-int-inval-002)
+- [3.5. Internal Interfaces (IOT-INT)](#35-internal-interfaces-iot-int)
+	- [Table of Contents](#table-of-contents)
+	- [Overview](#overview)
+	- [Authorization (IOT-INT-AUTHZ)](#authorization-iot-int-authz)
+		- [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
+		- [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
+	- [Information Gathering (IOT-INT-INFO)](#information-gathering-iot-int-info)
+		- [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
+		- [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
+		- [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
+	- [Configuration and Patch Management (IOT-INT-CONF)](#configuration-and-patch-management-iot-int-conf)
+		- [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
+		- [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
+	- [Secrets (IOT-INT-SCRT)](#secrets-iot-int-scrt)
+		- [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
+	- [Cryptography (IOT-INT-CRYPT)](#cryptography-iot-int-crypt)
+		- [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
+	- [Business Logic (IOT-INT-LOGIC)](#business-logic-iot-int-logic)
+		- [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
+	- [Input Validation (IOT-INT-INPV)](#input-validation-iot-int-inpv)
+		- [Insufficient Input Validation (IOT-INT-INPV-001)](#insufficient-input-validation-iot-int-inpv-001)
+		- [Code or Command Injection (IOT-INT-INPV-002)](#code-or-command-injection-iot-int-inpv-002)
 
 
 
@@ -470,11 +472,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
 
 
 
-## Input Validation (IOT-INT-INVAL)
+## Input Validation (IOT-INT-INPV)
 
 In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
 
-### Insufficient Input Validation (IOT-INT-INVAL-001)
+### Insufficient Input Validation (IOT-INT-INPV-001)
 **Required Access Levels**
 
 <table width="100%">
@@ -511,9 +513,9 @@ For this test case, data from the following sources was consolidated:
 * ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
 
-### Code or Command Injection (IOT-INT-INVAL-002)
+### Code or Command Injection (IOT-INT-INPV-002)
 **Required Access Levels**
 
 <table width="100%">
@@ -532,7 +534,7 @@ If no input validation is performed or only an insufficient input validation mec
 
 **Test Objectives**
 
-- Based on [IOT-INT-INVAL-001](#insufficient-input-validation-iot-int-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-INT-INPV-001](#insufficient-input-validation-iot-int-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
 
 **Remediation**
 
@@ -548,7 +550,7 @@ For this test case, data from the following sources was consolidated:
 * ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).
 
 
 

src/03_test_cases/physical_interfaces/README.md

@@ -1,26 +1,28 @@
 # 3.6. Physical Interfaces (IOT-PHY)
 
 ## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-PHY-AUTHZ)](#authorization-iot-phy-authz)
-  * [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
-  * [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
-* [Information Gathering (IOT-PHY-INFO)](#information-gathering-iot-phy-info)
-  * [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
-  * [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
-  * [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
-* [Configuration and Patch Management (IOT-PHY-CONF)](#configuration-and-patch-management-iot-phy-conf)
-  * [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
-  * [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
-* [Secrets (IOT-PHY-SCRT)](#secrets-iot-phy-scrt)
-  * [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
-* [Cryptography (IOT-PHY-CRYPT)](#cryptography-iot-phy-crypt)
-  * [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
-* [Business Logic (IOT-PHY-LOGIC)](#business-logic-iot-phy-logic)
-  * [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
-* [Input Validation (IOT-PHY-INVAL)](#input-validation-iot-phy-inval)
-  * [Insufficient Input Validation (IOT-PHY-INVAL-001)](#insufficient-input-validation-iot-phy-inval-001)
-  * [Code or Command Injection (IOT-PHY-INVAL-002)](#code-or-command-injection-iot-phy-inval-002)
+- [3.6. Physical Interfaces (IOT-PHY)](#36-physical-interfaces-iot-phy)
+	- [Table of Contents](#table-of-contents)
+	- [Overview](#overview)
+	- [Authorization (IOT-PHY-AUTHZ)](#authorization-iot-phy-authz)
+		- [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
+		- [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
+	- [Information Gathering (IOT-PHY-INFO)](#information-gathering-iot-phy-info)
+		- [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
+		- [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
+		- [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
+	- [Configuration and Patch Management (IOT-PHY-CONF)](#configuration-and-patch-management-iot-phy-conf)
+		- [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
+		- [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
+	- [Secrets (IOT-PHY-SCRT)](#secrets-iot-phy-scrt)
+		- [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
+	- [Cryptography (IOT-PHY-CRYPT)](#cryptography-iot-phy-crypt)
+		- [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
+	- [Business Logic (IOT-PHY-LOGIC)](#business-logic-iot-phy-logic)
+		- [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
+	- [Input Validation (IOT-PHY-INPV)](#input-validation-iot-phy-inpv)
+		- [Insufficient Input Validation (IOT-PHY-INPV-001)](#insufficient-input-validation-iot-phy-inpv-001)
+		- [Code or Command Injection (IOT-PHY-INPV-002)](#code-or-command-injection-iot-phy-inpv-002)
 
 
 
@@ -452,11 +454,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
 
 
 
-## Input Validation (IOT-PHY-INVAL)
+## Input Validation (IOT-PHY-INPV)
 
 In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
 
-### Insufficient Input Validation (IOT-PHY-INVAL-001)
+### Insufficient Input Validation (IOT-PHY-INPV-001)
 **Required Access Levels**
 
 <table width="100%">
@@ -490,9 +492,9 @@ For this test case, data from the following sources was consolidated:
 * ["IoT Pentesting Guide"][iot_pentesting_guide] by Aditya Gupta
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
 
-### Code or Command Injection (IOT-PHY-INVAL-002)
+### Code or Command Injection (IOT-PHY-INPV-002)
 **Required Access Levels**
 
 <table width="100%">
@@ -511,7 +513,7 @@ If no input validation is performed or only an insufficient input validation mec
 
 **Test Objectives**
 
-- Based on [IOT-PHY-INVAL-001](#insufficient-input-validation-iot-phy-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-PHY-INPV-001](#insufficient-input-validation-iot-phy-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
 
 **Remediation**
 
@@ -524,7 +526,7 @@ For this test case, data from the following sources was consolidated:
 * ["IoT Pentesting Guide"][iot_pentesting_guide] by Aditya Gupta
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).