diff --git a/src/02_framework/methodology.md b/src/02_framework/methodology.md
index 94b8390..79ce906 100644
--- a/src/02_framework/methodology.md
+++ b/src/02_framework/methodology.md
@@ -166,7 +166,7 @@ Another way to expand the catalog is to add custom components, categories and te
Business Logic |
- IOT-*-INVAL |
+ IOT-*-INPV |
Input Validation |
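Review bot: the wildcard in `IOT-*-INPV` covers every component, but the rest of this commit only touches five chapter READMEs (data exchange services, internal, physical, user and wireless interfaces). Please run a repository-wide search for `-INVAL` and `-inval-` to confirm that no other chapter, checklist or anchor still carries the old ID. Since every `#...-inval-00x` anchor disappears with the rename, inbound links from outside the repository will stop resolving, so the old-to-new ID mapping should be recorded in the release notes or commit message.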
diff --git a/src/03_test_cases/data_exchange_services/README.md b/src/03_test_cases/data_exchange_services/README.md
index 8af1f28..11e5ff2 100644
--- a/src/03_test_cases/data_exchange_services/README.md
+++ b/src/03_test_cases/data_exchange_services/README.md
@@ -1,32 +1,28 @@
# 3.4. Data Exchange Services (IOT-DES)
## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-DES-AUTHZ)](#authorization-iot-des-authz)
- * [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
- * [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
-
-* [Information Gathering (IOT-DES-INFO)](#information-gathering-iot-des-info)
- * [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
- * [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
- * [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
-
-* [Configuration and Patch Management (IOT-DES-CONF)](#configuration-and-patch-management-iot-des-conf)
- * [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
- * [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
-
-* [Secrets (IOT-DES-SCRT)](#secrets-iot-des-scrt)
- * [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
-
-* [Cryptography (IOT-DES-CRYPT)](#cryptography-iot-des-crypt)
- * [Usage of Weak Cryptographic Algorithms (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
-
-* [Business Logic (IOT-DES-LOGIC)](#business-logic-iot-des-logic)
- * [Circumvention of the Intended Business Logic (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
-
-* [Input Validation (IOT-DES-INVAL)](#input-validation-iot-des-inval)
- * [Insufficient Input Validation (IOT-DES-INVAL-001)](#insufficient-input-validation-iot-des-inval-001)
- * [Code or Command Injection (IOT-DES-INVAL-002)](#code-or-command-injection-iot-des-inval-002)
+- [3.4. Data Exchange Services (IOT-DES)](#34-data-exchange-services-iot-des)
+ - [Table of Contents](#table-of-contents)
+ - [Overview](#overview)
+ - [Authorization (IOT-DES-AUTHZ)](#authorization-iot-des-authz)
+ - [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
+ - [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
+ - [Information Gathering (IOT-DES-INFO)](#information-gathering-iot-des-info)
+ - [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
+ - [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
+ - [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
+ - [Configuration and Patch Management (IOT-DES-CONF)](#configuration-and-patch-management-iot-des-conf)
+ - [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
+ - [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
+ - [Secrets (IOT-DES-SCRT)](#secrets-iot-des-scrt)
+ - [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
+ - [Cryptography (IOT-DES-CRYPT)](#cryptography-iot-des-crypt)
+ - [Usage of Weak Cryptographic Algorithms (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
+ - [Business Logic (IOT-DES-LOGIC)](#business-logic-iot-des-logic)
+ - [Circumvention of the Intended Business Logic (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
+ - [Input Validation (IOT-DES-INPV)](#input-validation-iot-des-inpv)
+ - [Insufficient Input Validation (IOT-DES-INPV-001)](#insufficient-input-validation-iot-des-inpv-001)
+ - [Code or Command Injection (IOT-DES-INPV-002)](#code-or-command-injection-iot-des-inpv-002)
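Review bot: the table of contents is rewritten wholesale here (`*` bullets to `-`, blank separator lines dropped), although only the three Input Validation entries need to change for the rename. The regenerated list also starts with `[3.4. Data Exchange Services (IOT-DES)](#34-data-exchange-services-iot-des)` and `[Table of Contents](#table-of-contents)`, so the page now links to its own title and to the TOC itself. Suggest dropping those two entries and moving the bullet-style change to a separate commit so the ID rename stays easy to audit. The same rewrite is repeated in the TOC hunks of the other four READMEs.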
@@ -479,11 +475,11 @@ For this test case, data from the following sources was consolidated:
-## Input Validation (IOT-DES-INVAL)
+## Input Validation (IOT-DES-INPV)
In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
-### Insufficient Input Validation (IOT-DES-INVAL-001)
+### Insufficient Input Validation (IOT-DES-INPV-001)
**Required Access Levels**
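Review bot: the unchanged context sentence under the renamed heading reads "the input from a all untrustworthy sources", which has a stray "a". Since this commit already edits the lines directly above and below it, fix it here to "the input from all untrustworthy sources". The identical sentence appears in the Input Validation hunks of the internal, physical, user and wireless interface READMEs and needs the same correction.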
@@ -522,7 +518,7 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-### Code or Command Injection (IOT-DES-INVAL-002)
+### Code or Command Injection (IOT-DES-INPV-002)
**Required Access Levels**
@@ -543,7 +539,7 @@ If no input validation is performed or only an insufficient input validation mec
**Test Objectives**
-- Based on [IOT-DES-INVAL-001](#insufficient-input-validation-iot-des-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-DES-INPV-001](#insufficient-input-validation-iot-des-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
**Remediation**
diff --git a/src/03_test_cases/internal_interfaces/README.md b/src/03_test_cases/internal_interfaces/README.md
index a20054e..c9237a3 100644
--- a/src/03_test_cases/internal_interfaces/README.md
+++ b/src/03_test_cases/internal_interfaces/README.md
@@ -1,26 +1,28 @@
# 3.5. Internal Interfaces (IOT-INT)
## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-INT-AUTHZ)](#authorization-iot-int-authz)
- * [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
- * [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
-* [Information Gathering (IOT-INT-INFO)](#information-gathering-iot-int-info)
- * [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
- * [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
- * [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
-* [Configuration and Patch Management (IOT-INT-CONF)](#configuration-and-patch-management-iot-int-conf)
- * [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
- * [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
-* [Secrets (IOT-INT-SCRT)](#secrets-iot-int-scrt)
- * [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
-* [Cryptography (IOT-INT-CRYPT)](#cryptography-iot-int-crypt)
- * [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
-* [Business Logic (IOT-INT-LOGIC)](#business-logic-iot-int-logic)
- * [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
-* [Input Validation (IOT-INT-INVAL)](#input-validation-iot-int-inval)
- * [Insufficient Input Validation (IOT-INT-INVAL-001)](#insufficient-input-validation-iot-int-inval-001)
- * [Code or Command Injection (IOT-INT-INVAL-002)](#code-or-command-injection-iot-int-inval-002)
+- [3.5. Internal Interfaces (IOT-INT)](#35-internal-interfaces-iot-int)
+ - [Table of Contents](#table-of-contents)
+ - [Overview](#overview)
+ - [Authorization (IOT-INT-AUTHZ)](#authorization-iot-int-authz)
+ - [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
+ - [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
+ - [Information Gathering (IOT-INT-INFO)](#information-gathering-iot-int-info)
+ - [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
+ - [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
+ - [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
+ - [Configuration and Patch Management (IOT-INT-CONF)](#configuration-and-patch-management-iot-int-conf)
+ - [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
+ - [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
+ - [Secrets (IOT-INT-SCRT)](#secrets-iot-int-scrt)
+ - [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
+ - [Cryptography (IOT-INT-CRYPT)](#cryptography-iot-int-crypt)
+ - [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
+ - [Business Logic (IOT-INT-LOGIC)](#business-logic-iot-int-logic)
+ - [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
+ - [Input Validation (IOT-INT-INPV)](#input-validation-iot-int-inpv)
+ - [Insufficient Input Validation (IOT-INT-INPV-001)](#insufficient-input-validation-iot-int-inpv-001)
+ - [Code or Command Injection (IOT-INT-INPV-002)](#code-or-command-injection-iot-int-inpv-002)
@@ -470,11 +472,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
-## Input Validation (IOT-INT-INVAL)
+## Input Validation (IOT-INT-INPV)
In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
-### Insufficient Input Validation (IOT-INT-INVAL-001)
+### Insufficient Input Validation (IOT-INT-INPV-001)
**Required Access Levels**
@@ -511,9 +513,9 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
-### Code or Command Injection (IOT-INT-INVAL-002)
+### Code or Command Injection (IOT-INT-INPV-002)
**Required Access Levels**
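Review bot: the new `../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001` target only resolves because the matching heading in data_exchange_services/README.md is renamed in the same commit; nothing in the change verifies that. With this many hand-edited cross-file anchors across five READMEs, please run a Markdown link checker over `src/03_test_cases` before merging (and ideally in CI) so a missed or mistyped slug is caught mechanically rather than by eye.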
@@ -532,7 +534,7 @@ If no input validation is performed or only an insufficient input validation mec
**Test Objectives**
-- Based on [IOT-INT-INVAL-001](#insufficient-input-validation-iot-int-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-INT-INPV-001](#insufficient-input-validation-iot-int-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
**Remediation**
@@ -548,7 +550,7 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).
diff --git a/src/03_test_cases/physical_interfaces/README.md b/src/03_test_cases/physical_interfaces/README.md
index f8ed688..1a7feea 100644
--- a/src/03_test_cases/physical_interfaces/README.md
+++ b/src/03_test_cases/physical_interfaces/README.md
@@ -1,26 +1,28 @@
# 3.6. Physical Interfaces (IOT-PHY)
## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-PHY-AUTHZ)](#authorization-iot-phy-authz)
- * [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
- * [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
-* [Information Gathering (IOT-PHY-INFO)](#information-gathering-iot-phy-info)
- * [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
- * [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
- * [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
-* [Configuration and Patch Management (IOT-PHY-CONF)](#configuration-and-patch-management-iot-phy-conf)
- * [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
- * [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
-* [Secrets (IOT-PHY-SCRT)](#secrets-iot-phy-scrt)
- * [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
-* [Cryptography (IOT-PHY-CRYPT)](#cryptography-iot-phy-crypt)
- * [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
-* [Business Logic (IOT-PHY-LOGIC)](#business-logic-iot-phy-logic)
- * [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
-* [Input Validation (IOT-PHY-INVAL)](#input-validation-iot-phy-inval)
- * [Insufficient Input Validation (IOT-PHY-INVAL-001)](#insufficient-input-validation-iot-phy-inval-001)
- * [Code or Command Injection (IOT-PHY-INVAL-002)](#code-or-command-injection-iot-phy-inval-002)
+- [3.6. Physical Interfaces (IOT-PHY)](#36-physical-interfaces-iot-phy)
+ - [Table of Contents](#table-of-contents)
+ - [Overview](#overview)
+ - [Authorization (IOT-PHY-AUTHZ)](#authorization-iot-phy-authz)
+ - [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
+ - [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
+ - [Information Gathering (IOT-PHY-INFO)](#information-gathering-iot-phy-info)
+ - [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
+ - [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
+ - [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
+ - [Configuration and Patch Management (IOT-PHY-CONF)](#configuration-and-patch-management-iot-phy-conf)
+ - [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
+ - [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
+ - [Secrets (IOT-PHY-SCRT)](#secrets-iot-phy-scrt)
+ - [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
+ - [Cryptography (IOT-PHY-CRYPT)](#cryptography-iot-phy-crypt)
+ - [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
+ - [Business Logic (IOT-PHY-LOGIC)](#business-logic-iot-phy-logic)
+ - [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
+ - [Input Validation (IOT-PHY-INPV)](#input-validation-iot-phy-inpv)
+ - [Insufficient Input Validation (IOT-PHY-INPV-001)](#insufficient-input-validation-iot-phy-inpv-001)
+ - [Code or Command Injection (IOT-PHY-INPV-002)](#code-or-command-injection-iot-phy-inpv-002)
@@ -452,11 +454,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
-## Input Validation (IOT-PHY-INVAL)
+## Input Validation (IOT-PHY-INPV)
In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
-### Insufficient Input Validation (IOT-PHY-INVAL-001)
+### Insufficient Input Validation (IOT-PHY-INPV-001)
**Required Access Levels**
@@ -490,9 +492,9 @@ For this test case, data from the following sources was consolidated:
* ["IoT Pentesting Guide"][iot_pentesting_guide] by Aditya Gupta
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
-### Code or Command Injection (IOT-PHY-INVAL-002)
+### Code or Command Injection (IOT-PHY-INPV-002)
**Required Access Levels**
@@ -511,7 +513,7 @@ If no input validation is performed or only an insufficient input validation mec
**Test Objectives**
-- Based on [IOT-PHY-INVAL-001](#insufficient-input-validation-iot-phy-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-PHY-INPV-001](#insufficient-input-validation-iot-phy-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
**Remediation**
@@ -524,7 +526,7 @@ For this test case, data from the following sources was consolidated:
* ["IoT Pentesting Guide"][iot_pentesting_guide] by Aditya Gupta
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).
diff --git a/src/03_test_cases/user_interfaces/README.md b/src/03_test_cases/user_interfaces/README.md
index 19d9cf9..7540808 100644
--- a/src/03_test_cases/user_interfaces/README.md
+++ b/src/03_test_cases/user_interfaces/README.md
@@ -1,26 +1,28 @@
# 3.8. User Interfaces (IOT-UI)
## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-UI-AUTHZ)](#authorization-iot-ui-authz)
- * [Unauthorized Access to the Interface (IOT-UI-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-ui-authz-001)
- * [Privilege Escalation (IOT-UI-AUTHZ-002)](#privilege-escalation-iot-ui-authz-002)
-* [Information Gathering (IOT-UI-INFO)](#information-gathering-iot-ui-info)
- * [Disclosure of Implementation Details (IOT-UI-INFO-001)](#disclosure-of-implementation-details-iot-ui-info-001)
- * [Disclosure of Ecosystem Details (IOT-UI-INFO-002)](#disclosure-of-ecosystem-details-iot-ui-info-002)
- * [Disclosure of User Data (IOT-UI-INFO-003)](#disclosure-of-user-data-iot-ui-info-003)
-* [Configuration and Patch Management (IOT-UI-CONF)](#configuration-and-patch-management-iot-ui-conf)
- * [Usage of Outdated Software (IOT-UI-CONF-001)](#usage-of-outdated-software-iot-ui-conf-001)
- * [Presence of Unnecessary Software and Functionalities (IOT-UI-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-ui-conf-002)
-* [Secrets (IOT-UI-SCRT)](#secrets-iot-ui-scrt)
- * [Access to Confidential Data (IOT-UI-SCRT-001)](#access-to-confidential-data-iot-ui-scrt-001)
-* [Cryptography (IOT-UI-CRYPT)](#cryptography-iot-ui-crypt)
- * [Usage of Weak Cryptographic Algorithms (IOT-UI-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-ui-crypt-001)
-* [Business Logic (IOT-UI-LOGIC)](#business-logic-iot-ui-logic)
- * [Circumvention of the Intended Business Logic (IOT-UI-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-ui-logic-001)
-* [Input Validation (IOT-UI-INVAL)](#input-validation-iot-ui-inval)
- * [Insufficient Input Validation (IOT-UI-INVAL-001)](#insufficient-input-validation-iot-ui-inval-001)
- * [Code or Command Injection (IOT-UI-INVAL-002)](#code-or-command-injection-iot-ui-inval-002)
+- [3.8. User Interfaces (IOT-UI)](#38-user-interfaces-iot-ui)
+ - [Table of Contents](#table-of-contents)
+ - [Overview](#overview)
+ - [Authorization (IOT-UI-AUTHZ)](#authorization-iot-ui-authz)
+ - [Unauthorized Access to the Interface (IOT-UI-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-ui-authz-001)
+ - [Privilege Escalation (IOT-UI-AUTHZ-002)](#privilege-escalation-iot-ui-authz-002)
+ - [Information Gathering (IOT-UI-INFO)](#information-gathering-iot-ui-info)
+ - [Disclosure of Implementation Details (IOT-UI-INFO-001)](#disclosure-of-implementation-details-iot-ui-info-001)
+ - [Disclosure of Ecosystem Details (IOT-UI-INFO-002)](#disclosure-of-ecosystem-details-iot-ui-info-002)
+ - [Disclosure of User Data (IOT-UI-INFO-003)](#disclosure-of-user-data-iot-ui-info-003)
+ - [Configuration and Patch Management (IOT-UI-CONF)](#configuration-and-patch-management-iot-ui-conf)
+ - [Usage of Outdated Software (IOT-UI-CONF-001)](#usage-of-outdated-software-iot-ui-conf-001)
+ - [Presence of Unnecessary Software and Functionalities (IOT-UI-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-ui-conf-002)
+ - [Secrets (IOT-UI-SCRT)](#secrets-iot-ui-scrt)
+ - [Access to Confidential Data (IOT-UI-SCRT-001)](#access-to-confidential-data-iot-ui-scrt-001)
+ - [Cryptography (IOT-UI-CRYPT)](#cryptography-iot-ui-crypt)
+ - [Usage of Weak Cryptographic Algorithms (IOT-UI-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-ui-crypt-001)
+ - [Business Logic (IOT-UI-LOGIC)](#business-logic-iot-ui-logic)
+ - [Circumvention of the Intended Business Logic (IOT-UI-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-ui-logic-001)
+ - [Input Validation (IOT-UI-INPV)](#input-validation-iot-ui-inpv)
+ - [Insufficient Input Validation (IOT-UI-INPV-001)](#insufficient-input-validation-iot-ui-inpv-001)
+ - [Code or Command Injection (IOT-UI-INPV-002)](#code-or-command-injection-iot-ui-inpv-002)
@@ -478,11 +480,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
-## Input Validation (IOT-UI-INVAL)
+## Input Validation (IOT-UI-INPV)
In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
-### Insufficient Input Validation (IOT-UI-INVAL-001)
+### Insufficient Input Validation (IOT-UI-INPV-001)
**Required Access Levels**
@@ -520,9 +522,9 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
-### Code or Command Injection (IOT-UI-INVAL-002)
+### Code or Command Injection (IOT-UI-INPV-002)
**Required Access Levels**
@@ -541,7 +543,7 @@ If no input validation is performed or only an insufficient input validation mec
**Test Objectives**
-- Based on [IOT-UI-INVAL-001](#insufficient-input-validation-iot-ui-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-UI-INPV-001](#insufficient-input-validation-iot-ui-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
**Remediation**
@@ -558,7 +560,7 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).
diff --git a/src/03_test_cases/wireless_interfaces/README.md b/src/03_test_cases/wireless_interfaces/README.md
index a0bb7d0..9507406 100644
--- a/src/03_test_cases/wireless_interfaces/README.md
+++ b/src/03_test_cases/wireless_interfaces/README.md
@@ -1,26 +1,28 @@
# 3.7. Wireless Interfaces (IOT-WRLS)
## Table of Contents
-* [Overview](#overview)
-* [Authorization (IOT-WRLS-AUTHZ)](#authorization-iot-wrls-authz)
- * [Unauthorized Access to the Interface (IOT-WRLS-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-wrls-authz-001)
- * [Privilege Escalation (IOT-WRLS-AUTHZ-002)](#privilege-escalation-iot-wrls-authz-002)
-* [Information Gathering (IOT-WRLS-INFO)](#information-gathering-iot-wrls-info)
- * [Disclosure of Implementation Details (IOT-WRLS-INFO-001)](#disclosure-of-implementation-details-iot-wrls-info-001)
- * [Disclosure of Ecosystem Details (IOT-WRLS-INFO-002)](#disclosure-of-ecosystem-details-iot-wrls-info-002)
- * [Disclosure of User Data (IOT-WRLS-INFO-003)](#disclosure-of-user-data-iot-wrls-info-003)
-* [Configuration and Patch Management (IOT-WRLS-CONF)](#configuration-and-patch-management-iot-wrls-conf)
- * [Usage of Outdated Software (IOT-WRLS-CONF-001)](#usage-of-outdated-software-iot-wrls-conf-001)
- * [Presence of Unnecessary Software and Functionalities (IOT-WRLS-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-wrls-conf-002)
-* [Secrets (IOT-WRLS-SCRT)](#secrets-iot-wrls-scrt)
- * [Access to Confidential Data (IOT-WRLS-SCRT-001)](#access-to-confidential-data-iot-wrls-scrt-001)
-* [Cryptography (IOT-WRLS-CRYPT)](#cryptography-iot-wrls-crypt)
- * [Usage of Weak Cryptographic Algorithms (IOT-WRLS-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-wrls-crypt-001)
-* [Business Logic (IOT-WRLS-LOGIC)](#business-logic-iot-wrls-logic)
- * [Circumvention of the Intended Business Logic (IOT-WRLS-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-wrls-logic-001)
-* [Input Validation (IOT-WRLS-INVAL)](#input-validation-iot-wrls-inval)
- * [Insufficient Input Validation (IOT-WRLS-INVAL-001)](#insufficient-input-validation-iot-wrls-inval-001)
- * [Code or Command Injection (IOT-WRLS-INVAL-002)](#code-or-command-injection-iot-wrls-inval-002)
+- [3.7. Wireless Interfaces (IOT-WRLS)](#37-wireless-interfaces-iot-wrls)
+ - [Table of Contents](#table-of-contents)
+ - [Overview](#overview)
+ - [Authorization (IOT-WRLS-AUTHZ)](#authorization-iot-wrls-authz)
+ - [Unauthorized Access to the Interface (IOT-WRLS-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-wrls-authz-001)
+ - [Privilege Escalation (IOT-WRLS-AUTHZ-002)](#privilege-escalation-iot-wrls-authz-002)
+ - [Information Gathering (IOT-WRLS-INFO)](#information-gathering-iot-wrls-info)
+ - [Disclosure of Implementation Details (IOT-WRLS-INFO-001)](#disclosure-of-implementation-details-iot-wrls-info-001)
+ - [Disclosure of Ecosystem Details (IOT-WRLS-INFO-002)](#disclosure-of-ecosystem-details-iot-wrls-info-002)
+ - [Disclosure of User Data (IOT-WRLS-INFO-003)](#disclosure-of-user-data-iot-wrls-info-003)
+ - [Configuration and Patch Management (IOT-WRLS-CONF)](#configuration-and-patch-management-iot-wrls-conf)
+ - [Usage of Outdated Software (IOT-WRLS-CONF-001)](#usage-of-outdated-software-iot-wrls-conf-001)
+ - [Presence of Unnecessary Software and Functionalities (IOT-WRLS-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-wrls-conf-002)
+ - [Secrets (IOT-WRLS-SCRT)](#secrets-iot-wrls-scrt)
+ - [Access to Confidential Data (IOT-WRLS-SCRT-001)](#access-to-confidential-data-iot-wrls-scrt-001)
+ - [Cryptography (IOT-WRLS-CRYPT)](#cryptography-iot-wrls-crypt)
+ - [Usage of Weak Cryptographic Algorithms (IOT-WRLS-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-wrls-crypt-001)
+ - [Business Logic (IOT-WRLS-LOGIC)](#business-logic-iot-wrls-logic)
+ - [Circumvention of the Intended Business Logic (IOT-WRLS-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-wrls-logic-001)
+ - [Input Validation (IOT-WRLS-INPV)](#input-validation-iot-wrls-inpv)
+ - [Insufficient Input Validation (IOT-WRLS-INPV-001)](#insufficient-input-validation-iot-wrls-inpv-001)
+ - [Code or Command Injection (IOT-WRLS-INPV-002)](#code-or-command-injection-iot-wrls-inpv-002)
@@ -480,11 +482,11 @@ This test case is based on: [IOT-DES-LOGIC-001](../data_exchange_services/README
-## Input Validation (IOT-WRLS-INVAL)
+## Input Validation (IOT-WRLS-INPV)
In order to ensure that only valid and well-formed data enters the processing flows of a device, the input from a all untrustworthy sources, e.g., users or external systems, has to be verified and validated.
-### Insufficient Input Validation (IOT-WRLS-INVAL-001)
+### Insufficient Input Validation (IOT-WRLS-INPV-001)
**Required Access Levels**
@@ -521,9 +523,9 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inval-001).
+This test case is based on: [IOT-DES-INPV-001](../data_exchange_services/README.md#insufficient-input-validation-iot-des-inpv-001).
-### Code or Command Injection (IOT-WRLS-INVAL-002)
+### Code or Command Injection (IOT-WRLS-INPV-002)
**Required Access Levels**
@@ -542,7 +544,7 @@ If no input validation is performed or only an insufficient input validation mec
**Test Objectives**
-- Based on [IOT-WRLS-INVAL-001](#insufficient-input-validation-iot-wrls-inval-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
+- Based on [IOT-WRLS-INPV-001](#insufficient-input-validation-iot-wrls-inpv-001), it must be checked whether it is possible to submit code or commands, which are then executed by the system.
**Remediation**
@@ -558,7 +560,7 @@ For this test case, data from the following sources was consolidated:
* ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
* Key aspects of testing of the T-Systems Multimedia Solutions GmbH
-This test case is based on: [IOT-DES-INVAL-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inval-002).
+This test case is based on: [IOT-DES-INPV-002](../data_exchange_services/README.md#code-or-command-injection-iot-des-inpv-002).