Fixed typos and missing examples

src/02_framework/device_model.md

@@ -74,7 +74,7 @@ Within this guide, the following kinds of interfaces will be differentiated, all
 
 - **User interfaces (human-to-machine):** In contrast to all other above-mentioned interfaces, user interfaces are not utilized to establish a connection between two machines. Instead, their purpose is to allow interactions between device-internal elements and a user. These interactions can either be based on a physical connection, e.g., in case of a touch display, or wireless connections, e.g., in case of a camera or microphone.
 
-  *Examples: touch display, camera, microphone*
+  *Examples: touch display, camera, microphone, local web application (hosted on the device)*
 
 
 

src/02_framework/methodology.md

@@ -48,7 +48,7 @@ The following hierarchic levels and types of nodes are defined:
 
   *Short representation: 2 - 5 uppercase alphabetic characters in square brackets*
 
-  *Examples: IOT-FW, IOT-FW*
+  *Examples: IOT-FW[INST], IOT-FW[UPDT]*
 
 - **Category:** The second main hierarchy level is the category, which can be used to group test cases, e.g., all test cases related to authorization can be grouped in the category AUTHZ.
 

src/03_test_cases/data_exchange_services/README.md

@@ -5,24 +5,24 @@
 	- [Table of Contents](#table-of-contents)
 	- [Overview](#overview)
 	- [Authorization (IOT-DES-AUTHZ)](#authorization-iot-des-authz)
-		- [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
-		- [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
+	  - [Unauthorized Access to the Data Exchange Service (IOT-DES-AUTHZ-001)](#unauthorized-access-to-the-data-exchange-service-iot-des-authz-001)
+	  - [Privilege Escalation (IOT-DES-AUTHZ-002)](#privilege-escalation-iot-des-authz-002)
 	- [Information Gathering (IOT-DES-INFO)](#information-gathering-iot-des-info)
-		- [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
-		- [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
-		- [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
+	  - [Disclosure of Implementation Details (IOT-DES-INFO-001)](#disclosure-of-implementation-details-iot-des-info-001)
+	  - [Disclosure of Ecosystem Details (IOT-DES-INFO-002)](#disclosure-of-ecosystem-details-iot-des-info-002)
+	  - [Disclosure of User Data (IOT-DES-INFO-003)](#disclosure-of-user-data-iot-des-info-003)
 	- [Configuration and Patch Management (IOT-DES-CONF)](#configuration-and-patch-management-iot-des-conf)
-		- [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
-		- [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
+	  - [Usage of Outdated Software (IOT-DES-CONF-001)](#usage-of-outdated-software-iot-des-conf-001)
+	  - [Presence of Unnecessary Software and Functionalities (IOT-DES-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-des-conf-002)
 	- [Secrets (IOT-DES-SCRT)](#secrets-iot-des-scrt)
-		- [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
+	  - [Access to Confidential Data (IOT-DES-SCRT-001)](#access-to-confidential-data-iot-des-scrt-001)
 	- [Cryptography (IOT-DES-CRYPT)](#cryptography-iot-des-crypt)
-		- [Usage of Weak Cryptographic Algorithms (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
+	  - [Usage of Weak Cryptographic Algorithms (IOT-DES-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-des-crypt-001)
 	- [Business Logic (IOT-DES-LOGIC)](#business-logic-iot-des-logic)
-		- [Circumvention of the Intended Business Logic (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
+	  - [Circumvention of the Intended Business Logic (IOT-DES-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-des-logic-001)
 	- [Input Validation (IOT-DES-INPV)](#input-validation-iot-des-inpv)
-		- [Insufficient Input Validation (IOT-DES-INPV-001)](#insufficient-input-validation-iot-des-inpv-001)
-		- [Code or Command Injection (IOT-DES-INPV-002)](#code-or-command-injection-iot-des-inpv-002)
+	  - [Insufficient Input Validation (IOT-DES-INPV-001)](#insufficient-input-validation-iot-des-inpv-001)
+	  - [Code or Command Injection (IOT-DES-INPV-002)](#code-or-command-injection-iot-des-inpv-002)
 
 
 

src/03_test_cases/firmware/firmware_update_mechanism.md

@@ -257,7 +257,7 @@ Some manufacturers implement a rollback protection for their devices. This rollb
 
 **Test Objectives**
 
-- It must has to be assessed whether it is possible to install older versions of the firmware.
+- It has to be assessed whether it is possible to install older versions of the firmware.
 
 **Remediation**
 

src/03_test_cases/internal_interfaces/README.md

@@ -5,24 +5,24 @@
 	- [Table of Contents](#table-of-contents)
 	- [Overview](#overview)
 	- [Authorization (IOT-INT-AUTHZ)](#authorization-iot-int-authz)
-		- [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
-		- [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
+	  - [Unauthorized Access to the Interface (IOT-INT-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-int-authz-001)
+	  - [Privilege Escalation (IOT-INT-AUTHZ-002)](#privilege-escalation-iot-int-authz-002)
 	- [Information Gathering (IOT-INT-INFO)](#information-gathering-iot-int-info)
-		- [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
-		- [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
-		- [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
+	  - [Disclosure of Implementation Details (IOT-INT-INFO-001)](#disclosure-of-implementation-details-iot-int-info-001)
+	  - [Disclosure of Ecosystem Details (IOT-INT-INFO-002)](#disclosure-of-ecosystem-details-iot-int-info-002)
+	  - [Disclosure of User Data (IOT-INT-INFO-003)](#disclosure-of-user-data-iot-int-info-003)
 	- [Configuration and Patch Management (IOT-INT-CONF)](#configuration-and-patch-management-iot-int-conf)
-		- [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
-		- [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
+	  - [Usage of Outdated Software (IOT-INT-CONF-001)](#usage-of-outdated-software-iot-int-conf-001)
+	  - [Presence of Unnecessary Software and Functionalities (IOT-INT-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-int-conf-002)
 	- [Secrets (IOT-INT-SCRT)](#secrets-iot-int-scrt)
-		- [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
+	  - [Access to Confidential Data (IOT-INT-SCRT-001)](#access-to-confidential-data-iot-int-scrt-001)
 	- [Cryptography (IOT-INT-CRYPT)](#cryptography-iot-int-crypt)
-		- [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
+	  - [Usage of Weak Cryptographic Algorithms (IOT-INT-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-int-crypt-001)
 	- [Business Logic (IOT-INT-LOGIC)](#business-logic-iot-int-logic)
-		- [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
+	  - [Circumvention of the Intended Business Logic (IOT-INT-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-int-logic-001)
 	- [Input Validation (IOT-INT-INPV)](#input-validation-iot-int-inpv)
-		- [Insufficient Input Validation (IOT-INT-INPV-001)](#insufficient-input-validation-iot-int-inpv-001)
-		- [Code or Command Injection (IOT-INT-INPV-002)](#code-or-command-injection-iot-int-inpv-002)
+	  - [Insufficient Input Validation (IOT-INT-INPV-001)](#insufficient-input-validation-iot-int-inpv-001)
+	  - [Code or Command Injection (IOT-INT-INPV-002)](#code-or-command-injection-iot-int-inpv-002)
 
 
 

src/03_test_cases/memory/README.md

@@ -98,12 +98,12 @@ If details about the implementation, e.g., algorithms in use or the authenticati
 **Test Objectives**
 
 - Accessible details regarding the implementation must be assessed in order to prepare further tests. For example, this includes:
+  - Cryptographic algorithms in use
 
- - Cryptographic algorithms in use
+  - Authentication and authorization mechanism
 
- - Authentication and authorization mechanism
+  - Local paths and environment details
 
- - Local paths and environment details
 
 **Remediation**
 

src/03_test_cases/physical_interfaces/README.md

@@ -5,24 +5,24 @@
 	- [Table of Contents](#table-of-contents)
 	- [Overview](#overview)
 	- [Authorization (IOT-PHY-AUTHZ)](#authorization-iot-phy-authz)
-		- [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
-		- [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
+	  - [Unauthorized Access to the Interface (IOT-PHY-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-phy-authz-001)
+	  - [Privilege Escalation (IOT-PHY-AUTHZ-002)](#privilege-escalation-iot-phy-authz-002)
 	- [Information Gathering (IOT-PHY-INFO)](#information-gathering-iot-phy-info)
-		- [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
-		- [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
-		- [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
+	  - [Disclosure of Implementation Details (IOT-PHY-INFO-001)](#disclosure-of-implementation-details-iot-phy-info-001)
+	  - [Disclosure of Ecosystem Details (IOT-PHY-INFO-002)](#disclosure-of-ecosystem-details-iot-phy-info-002)
+	  - [Disclosure of User Data (IOT-PHY-INFO-003)](#disclosure-of-user-data-iot-phy-info-003)
 	- [Configuration and Patch Management (IOT-PHY-CONF)](#configuration-and-patch-management-iot-phy-conf)
-		- [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
-		- [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
+	  - [Usage of Outdated Software (IOT-PHY-CONF-001)](#usage-of-outdated-software-iot-phy-conf-001)
+	  - [Presence of Unnecessary Software and Functionalities (IOT-PHY-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-phy-conf-002)
 	- [Secrets (IOT-PHY-SCRT)](#secrets-iot-phy-scrt)
-		- [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
+	  - [Access to Confidential Data (IOT-PHY-SCRT-001)](#access-to-confidential-data-iot-phy-scrt-001)
 	- [Cryptography (IOT-PHY-CRYPT)](#cryptography-iot-phy-crypt)
-		- [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
+	  - [Usage of Weak Cryptographic Algorithms (IOT-PHY-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-phy-crypt-001)
 	- [Business Logic (IOT-PHY-LOGIC)](#business-logic-iot-phy-logic)
-		- [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
+	  - [Circumvention of the Intended Business Logic (IOT-PHY-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-phy-logic-001)
 	- [Input Validation (IOT-PHY-INPV)](#input-validation-iot-phy-inpv)
-		- [Insufficient Input Validation (IOT-PHY-INPV-001)](#insufficient-input-validation-iot-phy-inpv-001)
-		- [Code or Command Injection (IOT-PHY-INPV-002)](#code-or-command-injection-iot-phy-inpv-002)
+	  - [Insufficient Input Validation (IOT-PHY-INPV-001)](#insufficient-input-validation-iot-phy-inpv-001)
+	  - [Code or Command Injection (IOT-PHY-INPV-002)](#code-or-command-injection-iot-phy-inpv-002)
 
 
 

src/03_test_cases/user_interfaces/README.md

@@ -5,24 +5,24 @@
 	- [Table of Contents](#table-of-contents)
 	- [Overview](#overview)
 	- [Authorization (IOT-UI-AUTHZ)](#authorization-iot-ui-authz)
-		- [Unauthorized Access to the Interface (IOT-UI-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-ui-authz-001)
-		- [Privilege Escalation (IOT-UI-AUTHZ-002)](#privilege-escalation-iot-ui-authz-002)
+	  - [Unauthorized Access to the Interface (IOT-UI-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-ui-authz-001)
+	  - [Privilege Escalation (IOT-UI-AUTHZ-002)](#privilege-escalation-iot-ui-authz-002)
 	- [Information Gathering (IOT-UI-INFO)](#information-gathering-iot-ui-info)
-		- [Disclosure of Implementation Details (IOT-UI-INFO-001)](#disclosure-of-implementation-details-iot-ui-info-001)
-		- [Disclosure of Ecosystem Details (IOT-UI-INFO-002)](#disclosure-of-ecosystem-details-iot-ui-info-002)
-		- [Disclosure of User Data (IOT-UI-INFO-003)](#disclosure-of-user-data-iot-ui-info-003)
+	  - [Disclosure of Implementation Details (IOT-UI-INFO-001)](#disclosure-of-implementation-details-iot-ui-info-001)
+	  - [Disclosure of Ecosystem Details (IOT-UI-INFO-002)](#disclosure-of-ecosystem-details-iot-ui-info-002)
+	  - [Disclosure of User Data (IOT-UI-INFO-003)](#disclosure-of-user-data-iot-ui-info-003)
 	- [Configuration and Patch Management (IOT-UI-CONF)](#configuration-and-patch-management-iot-ui-conf)
-		- [Usage of Outdated Software (IOT-UI-CONF-001)](#usage-of-outdated-software-iot-ui-conf-001)
-		- [Presence of Unnecessary Software and Functionalities (IOT-UI-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-ui-conf-002)
+	  - [Usage of Outdated Software (IOT-UI-CONF-001)](#usage-of-outdated-software-iot-ui-conf-001)
+	  - [Presence of Unnecessary Software and Functionalities (IOT-UI-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-ui-conf-002)
 	- [Secrets (IOT-UI-SCRT)](#secrets-iot-ui-scrt)
-		- [Access to Confidential Data (IOT-UI-SCRT-001)](#access-to-confidential-data-iot-ui-scrt-001)
+	  - [Access to Confidential Data (IOT-UI-SCRT-001)](#access-to-confidential-data-iot-ui-scrt-001)
 	- [Cryptography (IOT-UI-CRYPT)](#cryptography-iot-ui-crypt)
-		- [Usage of Weak Cryptographic Algorithms (IOT-UI-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-ui-crypt-001)
+	  - [Usage of Weak Cryptographic Algorithms (IOT-UI-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-ui-crypt-001)
 	- [Business Logic (IOT-UI-LOGIC)](#business-logic-iot-ui-logic)
-		- [Circumvention of the Intended Business Logic (IOT-UI-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-ui-logic-001)
+	  - [Circumvention of the Intended Business Logic (IOT-UI-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-ui-logic-001)
 	- [Input Validation (IOT-UI-INPV)](#input-validation-iot-ui-inpv)
-		- [Insufficient Input Validation (IOT-UI-INPV-001)](#insufficient-input-validation-iot-ui-inpv-001)
-		- [Code or Command Injection (IOT-UI-INPV-002)](#code-or-command-injection-iot-ui-inpv-002)
+	  - [Insufficient Input Validation (IOT-UI-INPV-001)](#insufficient-input-validation-iot-ui-inpv-001)
+	  - [Code or Command Injection (IOT-UI-INPV-002)](#code-or-command-injection-iot-ui-inpv-002)
 
 
 

src/03_test_cases/wireless_interfaces/README.md

@@ -5,24 +5,24 @@
 	- [Table of Contents](#table-of-contents)
 	- [Overview](#overview)
 	- [Authorization (IOT-WRLS-AUTHZ)](#authorization-iot-wrls-authz)
-		- [Unauthorized Access to the Interface (IOT-WRLS-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-wrls-authz-001)
-		- [Privilege Escalation (IOT-WRLS-AUTHZ-002)](#privilege-escalation-iot-wrls-authz-002)
+	  - [Unauthorized Access to the Interface (IOT-WRLS-AUTHZ-001)](#unauthorized-access-to-the-interface-iot-wrls-authz-001)
+	  - [Privilege Escalation (IOT-WRLS-AUTHZ-002)](#privilege-escalation-iot-wrls-authz-002)
 	- [Information Gathering (IOT-WRLS-INFO)](#information-gathering-iot-wrls-info)
-		- [Disclosure of Implementation Details (IOT-WRLS-INFO-001)](#disclosure-of-implementation-details-iot-wrls-info-001)
-		- [Disclosure of Ecosystem Details (IOT-WRLS-INFO-002)](#disclosure-of-ecosystem-details-iot-wrls-info-002)
-		- [Disclosure of User Data (IOT-WRLS-INFO-003)](#disclosure-of-user-data-iot-wrls-info-003)
+	  - [Disclosure of Implementation Details (IOT-WRLS-INFO-001)](#disclosure-of-implementation-details-iot-wrls-info-001)
+	  - [Disclosure of Ecosystem Details (IOT-WRLS-INFO-002)](#disclosure-of-ecosystem-details-iot-wrls-info-002)
+	  - [Disclosure of User Data (IOT-WRLS-INFO-003)](#disclosure-of-user-data-iot-wrls-info-003)
 	- [Configuration and Patch Management (IOT-WRLS-CONF)](#configuration-and-patch-management-iot-wrls-conf)
-		- [Usage of Outdated Software (IOT-WRLS-CONF-001)](#usage-of-outdated-software-iot-wrls-conf-001)
-		- [Presence of Unnecessary Software and Functionalities (IOT-WRLS-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-wrls-conf-002)
+	  - [Usage of Outdated Software (IOT-WRLS-CONF-001)](#usage-of-outdated-software-iot-wrls-conf-001)
+	  - [Presence of Unnecessary Software and Functionalities (IOT-WRLS-CONF-002)](#presence-of-unnecessary-software-and-functionalities-iot-wrls-conf-002)
 	- [Secrets (IOT-WRLS-SCRT)](#secrets-iot-wrls-scrt)
-		- [Access to Confidential Data (IOT-WRLS-SCRT-001)](#access-to-confidential-data-iot-wrls-scrt-001)
+	  - [Access to Confidential Data (IOT-WRLS-SCRT-001)](#access-to-confidential-data-iot-wrls-scrt-001)
 	- [Cryptography (IOT-WRLS-CRYPT)](#cryptography-iot-wrls-crypt)
-		- [Usage of Weak Cryptographic Algorithms (IOT-WRLS-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-wrls-crypt-001)
+	  - [Usage of Weak Cryptographic Algorithms (IOT-WRLS-CRYPT-001)](#usage-of-weak-cryptographic-algorithms-iot-wrls-crypt-001)
 	- [Business Logic (IOT-WRLS-LOGIC)](#business-logic-iot-wrls-logic)
-		- [Circumvention of the Intended Business Logic (IOT-WRLS-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-wrls-logic-001)
+	  - [Circumvention of the Intended Business Logic (IOT-WRLS-LOGIC-001)](#circumvention-of-the-intended-business-logic-iot-wrls-logic-001)
 	- [Input Validation (IOT-WRLS-INPV)](#input-validation-iot-wrls-inpv)
-		- [Insufficient Input Validation (IOT-WRLS-INPV-001)](#insufficient-input-validation-iot-wrls-inpv-001)
-		- [Code or Command Injection (IOT-WRLS-INPV-002)](#code-or-command-injection-iot-wrls-inpv-002)
+	  - [Insufficient Input Validation (IOT-WRLS-INPV-001)](#insufficient-input-validation-iot-wrls-inpv-001)
+	  - [Code or Command Injection (IOT-WRLS-INPV-002)](#code-or-command-injection-iot-wrls-inpv-002)