AD08 Logs Of Cloud Application Stolen
| Context | Someone interacts with a cloud application |
| Problem | Disclosure of sensitive information from cloud application logs |
| Solution | Avoid storing of sensitive data in logs; Apply logs encryption; Ensure strong encryption algorithms for logs; |
| References | R30, R.31 Lost or compromise of operational or security logs [ENISA] |
| Type | ns:type_ThreatPattern |
| Victim | su:comp_CloudApplication |
| Aggressor | su:comp_CloudApplication; su:comp_ExternalService; su:comp_RemoteUser |
| Aggr. role | ns:role_Client |
| STRIDE | ns:STRIDE_Information_Disclosure |
| Threat |