Changed title of ISTG-MEM-INFO-001 and ISTG-FW-INFO-001

checklists/checklist.md

@@ -20,7 +20,7 @@ Note: The `Status` column can be set for values similar to "Pass", "Fail", "N/A"
 |Test ID|Test Name|Status|Notes|
 |-|-|-|-|
 |**ISTG-MEM-INFO**|**Information Gathering**|||
-|ISTG-MEM-INFO-001|Disclosure of Source Code|||
+|ISTG-MEM-INFO-001|Disclosure of Source Code and Binaries|||
 |ISTG-MEM-INFO-002|Disclosure of Implementation Details|||
 |ISTG-MEM-INFO-003|Disclosure of Ecosystem Details|||
 |ISTG-MEM-INFO-004|Disclosure of User Data|||
@@ -33,7 +33,7 @@ Note: The `Status` column can be set for values similar to "Pass", "Fail", "N/A"
 |Test ID|Test Name|Status|Notes|
 |-|-|-|-|
 |**ISTG-FW-INFO**|**Information Gathering**|||
-|ISTG-FW-INFO-001|Disclosure of Source Code|||
+|ISTG-FW-INFO-001|Disclosure of Source Code and Binaries|||
 |ISTG-FW-INFO-002|Disclosure of Implementation Details|||
 |ISTG-FW-INFO-003|Disclosure of Ecosystem Details|||
 |**ISTG-FW-CONF**|**Configuration and Patch Management**|||

src/02_framework/methodology.md

@@ -183,7 +183,7 @@ Another way to expand the catalog is to add custom components, categories and te
         </tr>
         <tr>
             <td>ISTG-*-INFO-001</td>
-            <td>Disclosure of Source Code</td>
+            <td>Disclosure of Source Code and Binaries</td>
         </tr>
         <tr>
             <td>ISTG-*-INFO-002</td>

src/03_test_cases/data_exchange_services/README.md

@@ -173,7 +173,7 @@ For this test case, data from the following sources was consolidated:
 * ["Practical IoT Hacking"][practical_iot_hacking] by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods
 * Key aspects of testing of the T-Systems Multimedia Solutions GmbH
 
-This test case is based on: [ISTG-FW-INFO-001](../firmware/README.md#disclosure-of-source-code-istg-fw-info-001).
+This test case is based on: [ISTG-FW-INFO-001](../firmware/README.md#disclosure-of-source-code-and-binaries-istg-fw-info-001).
 
 ### Disclosure of Ecosystem Details (ISTG-DES-INFO-002)
 

src/03_test_cases/firmware/README.md

@@ -3,7 +3,7 @@
 ## Table of Contents
 * [Overview](#overview)
 * [Information Gathering (ISTG-FW-INFO)](#information-gathering-istg-fw-info)
-  * [Disclosure of Source Code (ISTG-FW-INFO-001)](#disclosure-of-source-code-istg-fw-info-001)
+  * [Disclosure of Source Code and Binaries (ISTG-FW-INFO-001)](#disclosure-of-source-code-and-binaries-istg-fw-info-001)
   * [Disclosure of Implementation Details (ISTG-FW-INFO-002)](#disclosure-of-implementation-details-istg-fw-info-002)
   * [Disclosure of Ecosystem Details (ISTG-FW-INFO-003)](#disclosure-of-ecosystem-details-istg-fw-info-003)
 * [Configuration and Patch Management (ISTG-FW-CONF)](#configuration-and-patch-management-istg-fw-conf)
@@ -45,7 +45,7 @@ All test cases and categories for the component [ISTG-FW](./README.md) focus on
 
 The firmware of an IoT device can include various information, which, if disclosed, could reveal details regarding the inner workings of the device or the surrounding IoT ecosystem to potential attackers. This could enable and facilitate further, more advanced attacks.
 
-### Disclosure of Source Code (ISTG-FW-INFO-001)
+### Disclosure of Source Code and Binaries (ISTG-FW-INFO-001)
 
 **Required Access Levels**
 
@@ -376,7 +376,7 @@ Sometimes, developers tend to incorporate secrets directly into the source code
 
 **Test Objectives**
 
-- Based on [ISTG-FW-INFO-001](#disclosure-of-source-code-istg-fw-info-001), it must be checked if any hard-coded secrets can be identified.
+- Based on [ISTG-FW-INFO-001](#disclosure-of-source-code-and-binaries-istg-fw-info-001), it must be checked if any hard-coded secrets can be identified.
 
 **Remediation**
 
@@ -424,7 +424,7 @@ The usage of weak cryptographic algorithms might allow an attacker to recover th
 
 - The data, stored by or within the firmware, must be checked for the presence of encrypted data segments. In case that encrypted data segments are found, it must be checked whether the cryptographic algorithms in use can be identified.
 
-- Furthermore, based on [ISTG-FW-INFO-001](#disclosure-of-source-code-istg-fw-info-001) and [ISTG-FW-INFO-002](#disclosure-of-implementation-details-istg-fw-info-002), it must be checked whether any source code, configuration files etc. disclose the usage of certain cryptographic algorithms.
+- Furthermore, based on [ISTG-FW-INFO-001](#disclosure-of-source-code-and-binaries-istg-fw-info-001) and [ISTG-FW-INFO-002](#disclosure-of-implementation-details-istg-fw-info-002), it must be checked whether any source code, configuration files etc. disclose the usage of certain cryptographic algorithms.
 
 - In case that cryptographic algorithms can be identified, it must be determined whether the algorithms in use and their configuration are providing a sufficient level of security at the time of testing, e.g., by consulting cryptography guidelines like the technical guideline [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10) by the BSI.
 

src/03_test_cases/memory/README.md

@@ -3,7 +3,7 @@
 ## Table of Contents
 * [Overview](#overview)
 * [Information Gathering (ISTG-MEM-INFO)](#information-gathering-istg-mem-info)
-  * [Disclosure of Source Code (ISTG-MEM-INFO-001)](#disclosure-of-source-code-istg-mem-info-001)
+  * [Disclosure of Source Code and Binaries (ISTG-MEM-INFO-001)](#disclosure-of-source-code-and-binaries-istg-mem-info-001)
   * [Disclosure of Implementation Details (ISTG-MEM-INFO-002)](#disclosure-of-implementation-details-istg-mem-info-002)
   * [Disclosure of Ecosystem Details (ISTG-MEM-INFO-003)](#disclosure-of-ecosystem-details-istg-mem-info-003)
   * [Disclosure of User Data (ISTG-MEM-INFO-004)](#disclosure-of-user-data-istg-mem-info-004)
@@ -35,7 +35,7 @@ The memory of an IoT device can include various data, which, if disclosed, coul
 
 Tests on the device memory are performed by directly accessing the memory chips. Thus, invasive physical access (*PA-4*) is required while no user accounts are used (*AA-1*).
 
-### Disclosure of Source Code (ISTG-MEM-INFO-001)
+### Disclosure of Source Code and Binaries (ISTG-MEM-INFO-001)
 **Required Access Levels**
 
 <table width="100%">
@@ -76,7 +76,7 @@ For this test case, data from the following sources was consolidated:
 * ["IoT Penetration Testing Cookbook"][iot_penetration_testing_cookbook] by Aaron Guzman and Aditya Gupta
 * ["The IoT Hacker's Handbook"][iot_hackers_handbook] by Aditya Gupta
 
-This test case is based on: [ISTG-FW-INFO-001](../firmware/README.md#disclosure-of-source-code-istg-fw-info-001).
+This test case is based on: [ISTG-FW-INFO-001](../firmware/README.md#disclosure-of-source-code-and-binaries-istg-fw-info-001).
 
 ### Disclosure of Implementation Details (ISTG-MEM-INFO-002)
 **Required Access Levels**
@@ -262,7 +262,7 @@ The usage of weak cryptographic algorithms might allow an attacker to recover th
 
 - The data, stored on the device, must be checked for the presence of encrypted data segments. In case that encrypted data segments are found, it must be checked whether the cryptographic algorithms in use can be identified.
 
-- Furthermore, based on [ISTG-MEM-INFO-001](#disclosure-of-source-code-istg-mem-info-001) and [ISTG-MEM-INFO-002](#disclosure-of-implementation-details-istg-mem-info-002), it must be checked whether any source code, configuration files etc. disclose the usage of certain cryptographic algorithms.
+- Furthermore, based on [ISTG-MEM-INFO-001](#disclosure-of-source-code-and-binaries-istg-mem-info-001) and [ISTG-MEM-INFO-002](#disclosure-of-implementation-details-istg-mem-info-002), it must be checked whether any source code, configuration files etc. disclose the usage of certain cryptographic algorithms.
 
 - In case that cryptographic algorithms can be identified, it must be determined whether the algorithms in use and their configuration are providing a sufficient level of security at the time of testing, e.g., by consulting cryptography guidelines like the technical guideline [TR-02102-1](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TG02102/BSI-TR-02102-1.pdf?__blob=publicationFile&v=10) by the BSI.