templateCodeReview.md

Table of Contents

  1. Firmware Analysis Report
  2. Abstract
  3. Target(s)
    1. Sample 1
      1. name:
      2. obtained as:
      3. source language:
    2. Sample 2
      1. name:
      2. obtained as:
      3. source language:
  4. Methods
    1. Applicable Standards
    2. Applicable Attack Vectors
    3. Suggested Test Sets
      1. Test Set: Sample 1
      2. Test Set: Sample 2
  5. Findings
  6. Conclusion

Firmware Analysis Report

This report serves as a template for analyzing the attack surface of firmware samples. Samples may

Abstract

Target(s)

Sample 1

name:

obtained as:

  • source code
  • compressed binary
  • encrypted
  • other

source language:

  • C, C++
  • PHP
  • SH
  • N/A

Sample 2

name:

obtained as:

  • source code
  • compressed binary
  • encrypted
  • other

source language:

  • C, C++
  • PHP
  • SH
  • N/A

Methods

Applicable Standards

  • OWASP
  • SANS
  • CERT
  • CVE
  • MITRE / CWE / CWE Top 25
  • NVE
  • PA-DSS

Applicable Attack Vectors

  • Data / Input Validation
  • Authentication
  • Session Management
  • Authorization
  • Cryptography
  • Error Handling
  • Logging / Auditing
  • Secure Code Environment
  • Bad Coding Practices

Suggested Test Sets

Test Set: Sample 1

  1. Data / Input Validation

    • CWE-665 Improper Initialization
    • Stack Overflows
    • Formatted Strings
  2. Session Management

  3. Authorization

    • CWE-732 Incorrect Permission Assignment
  4. Logging / Auditing

Test Set: Sample 2

Findings

Conclusion