AD03 Data Breach By Cloud Application
| Context | Someone interacts with a cloud application |
| Problem | Data breach (information disclosure) by the cloud application |
| Solution | Ensure data security of cloud infrastructure; Apply data classification; Apply access controls as per classification; Avoid storing sensitive data; Use strong encryption algorithms and protocols; Ensure security of key management; Use strong hashing functions for storing passwords; Avoid client-side caching |
| References | Sensitive Data Exposure [OWASP10]; Data Breaches [CSA10]; R.19: Compromise service engine [ENISA]; Compromise service engine [QUIRC]; Computation on Encrypted Data [Rath] |
| Type | ns:type_ThreatPattern |
| Victim | su:comp_CloudApplication |
| Aggressor | su:comp_CloudApplication; su:comp_ExternalService; su:comp_RemoteUser |
| Aggressor role | ns:role_Client |
| STRIDE | ns:STRIDE_Information_Disclosure |
| Threat | ns:threat_txMessageSecrecyViolation; ns:threat_txTrafficAnalysisAndSniffing; ns:threat_txOutputInformationDisclosure; ns:threat_txDataInference |