From 70700eceba47af80cb219d040b98e9444cdd59a8 Mon Sep 17 00:00:00 2001 From: 10-trix Date: Sun, 1 Mar 2026 23:51:10 +0530 Subject: [PATCH 1/2] Add description for mobile app card NS2 contributes to #2108 --- .../network-&-storage/NS2/explanation.md | 20 ++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md b/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md index 88417b47c..6e874ebe1 100644 --- a/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md +++ b/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md 
@@ -1,11 +1,29 @@ ## Scenario: Matt can inspect sensitive application log data because logging statements have not been removed or reviewed as safe before the production release +The mobile application contains verbose logging statements that expose sensitive information such as authentication tokens, personal data, or internal system details. These logs were intended for debugging but were not removed or reviewed before the production release. + +As a result, Matt can access application logs and extract confidential information. + ### Example +Matt connects his device to a debugging tool and reviews the application logs. He discovers that login responses and API tokens are written to the log output, allowing him to retrieve sensitive data. + ## Threat Modeling ### STRIDE +This scenario falls under the **Information Disclosure** category of the STRIDE threat modeling framework. + +Sensitive information is unintentionally exposed through insecure logging practices. + ### What can go wrong? -### What are we going to do about it? \ No newline at end of file +- Sensitive user data may be exposed. +- Authentication tokens may be leaked. +- Internal system details may be disclosed. + +### What are we going to do about it? + +- Remove or disable debug logging in production builds. +- Avoid logging sensitive information such as passwords, tokens, or personal data. +- Review logging statements before releasing the application. \ No newline at end of file From 61796164ad9abc95eea9b20f3a1334e4e52e0f8e Mon Sep 17 00:00:00 2001 From: 10-trix Date: Mon, 2 Mar 2026 01:14:55 +0530 Subject: [PATCH 2/2] Add description for mobile app card NS2 contributes to #2108 --- .../mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
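Review bot: The "What are we going to do about it?" list in this hunk relies entirely on manual removal and review ("Remove or disable debug logging in production builds", "Review logging statements before releasing the application"); consider adding a build-time control so the outcome does not depend on a developer remembering, for example a release build configuration that strips debug-level log calls, and a bullet on not logging full request or response bodies, since the Example states that "login responses and API tokens are written to the log output". Two smaller points: the "What can go wrong?" bullets restate the scenario in general terms and would read better if tied back to the card's cause, i.e. that the logs are readable with a device-attached debugging tool as the Example describes; and the last added line drops the trailing newline ("\ No newline at end of file"), which is what the follow-up commit in this series exists to repair.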
diff --git a/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md b/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md index 6e874ebe1..dd4f1ad13 100644 --- a/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md +++ b/cornucopia.owasp.org/data/cards/mobileapp-cards-1.1-en/network-&-storage/NS2/explanation.md @@ -26,4 +26,4 @@ Sensitive information is unintentionally exposed through insecure logging practi - Remove or disable debug logging in production builds. - Avoid logging sensitive information such as passwords, tokens, or personal data. -- Review logging statements before releasing the application. \ No newline at end of file +- Review logging statements before releasing the application.
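Review bot: Squash this into the first commit rather than keeping it as a separate patch: the only change is restoring the trailing newline on "- Review logging statements before releasing the application." that PATCH 1/2 dropped, and both commits carry the identical subject line "Add description for mobile app card NS2", so the series history gains nothing from a standalone fix-up.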