swb6-it-sec/Lab05/documentation/part1/part1.tex

\section{Part 1: Assets and Threats}

\subsection{Liste der Assets}

\begin{table}[ht]
\centering
\begin{adjustbox}{width=1\textwidth}
\small
\begin{tabular}{r|l|l|l|l|l|r|l|l|l|l|l}
    \textbf{No} & \textbf{Name} & \textbf{Description} & \textbf{Owner} & \textbf{Maintainer} & \textbf{Location} & \textbf{CIA} & \textbf{PI} & \textbf{Access privs} & \textbf{Category} & \textbf{Asset value} & \textbf{Criticality} \\
    \hline
    1 & Dashboard & Car dashboard & Driver & A. Name & Car & IA & & & & & \\
    \hline
    2 & Entertainment & Car entertainment system & Driver & A. Nother & Car & A & & & & & \\
    \hline
    3 & OTA Server & Server for OTA Updates & IT-Dep & S. Ome & E2, room 44& IA & & & & & \\
    \hline
    4 & Charging Station & System to handle charging & IT-Dep & B. Ody & Fuel Stations & IA & & & & & \\
    \hline
    5 & Collaboration & Collaboration code & IT-Dep & T. Is & E2, room 45 & CI & & & & & \\
    \hline
    6 & Meetings & Online meetings code & Sales/Marketing & I. Sweird & E2, room 46 & CI & & & & & \\
    \hline
    7 & Online Shop & Buy the car online & Sales/Marketing & A. Ndun & E2, room 47 & IA & & & & & \\
    \hline
    8 & Client DB & Databas of clients & Sales/Marketing & I. Nspired & E2, room 48 & CIA & & & & & \\
    \hline
    9 & Service API & Car service API & Service Center & A. Lmost & E2, Car & I & & & & & \\
    \hline
    10 & Website & Company Website & Sales/Marketing & D. One & E2, room 49 & IA & & & & & \\
\end{tabular}
\end{adjustbox}
\caption{Asset Liste}
\label{tab:Asset Liste}
\end{table}

\subsection{Gefahren für Assets}

8. Client DB:

\begin{enumerate}
    \item Diebstahl der Daten aus der Datenbank
    \item Denial of Service
    \item Löschen der Datenbank
    \item Verschlüsselung der Datenbank
    \item Änderung der Kundendaten
    \item SQL Injection
    \item Zugang sperren
    \item Falsche Daten liefern
    \item Falsche Daten hinzufügen
    \item Löschen der Backups
\end{enumerate}

10. Website:

\begin{enumerate}
    \item Darstellung falscher Daten
    \item Injection, z.B. Kontaktformular
    \item Cross-Site Scripting
    \item SSRF
    \item Diebstal der Logs
    \item Zugriff auf das Hostsystem
    \item Denial of Service
    \item DNS flooding
    \item DNS hijacking
    \item Domain stehlen
\end{enumerate}
init lab5 2022-06-16 12:46:50 +02:00			`\section{Part 1: Assets and Threats}`
create example table 2022-06-16 12:58:26 +02:00
start of threads 2022-06-16 13:30:43 +02:00			`\subsection{Liste der Assets}`

create example table 2022-06-16 12:58:26 +02:00			`\begin{table}[ht]`
			`\centering`
			`\begin{adjustbox}{width=1\textwidth}`
			`\small`
start of threads 2022-06-16 13:30:43 +02:00			`\begin{tabular}{r\|l\|l\|l\|l\|l\|r\|l\|l\|l\|l\|l}`
			`\textbf{No} & \textbf{Name} & \textbf{Description} & \textbf{Owner} & \textbf{Maintainer} & \textbf{Location} & \textbf{CIA} & \textbf{PI} & \textbf{Access privs} & \textbf{Category} & \textbf{Asset value} & \textbf{Criticality} \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`1 & Dashboard & Car dashboard & Driver & A. Name & Car & IA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`2 & Entertainment & Car entertainment system & Driver & A. Nother & Car & A & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`3 & OTA Server & Server for OTA Updates & IT-Dep & S. Ome & E2, room 44& IA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`4 & Charging Station & System to handle charging & IT-Dep & B. Ody & Fuel Stations & IA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`5 & Collaboration & Collaboration code & IT-Dep & T. Is & E2, room 45 & CI & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`6 & Meetings & Online meetings code & Sales/Marketing & I. Sweird & E2, room 46 & CI & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`7 & Online Shop & Buy the car online & Sales/Marketing & A. Ndun & E2, room 47 & IA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`8 & Client DB & Databas of clients & Sales/Marketing & I. Nspired & E2, room 48 & CIA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`9 & Service API & Car service API & Service Center & A. Lmost & E2, Car & I & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\hline`
start of threads 2022-06-16 13:30:43 +02:00			`10 & Website & Company Website & Sales/Marketing & D. One & E2, room 49 & IA & & & & & \\`
create example table 2022-06-16 12:58:26 +02:00			`\end{tabular}`
			`\end{adjustbox}`
start of threads 2022-06-16 13:30:43 +02:00			`\caption{Asset Liste}`
			`\label{tab:Asset Liste}`
			`\end{table}`

			`\subsection{Gefahren für Assets}`

			`8. Client DB:`

			`\begin{enumerate}`
			`\item Diebstahl der Daten aus der Datenbank`
			`\item Denial of Service`
			`\item Löschen der Datenbank`
			`\item Verschlüsselung der Datenbank`
			`\item Änderung der Kundendaten`
			`\item SQL Injection`
			`\item Zugang sperren`
			`\item Falsche Daten liefern`
			`\item Falsche Daten hinzufügen`
			`\item Löschen der Backups`
			`\end{enumerate}`

			`10. Website:`

			`\begin{enumerate}`
			`\item Darstellung falscher Daten`
			`\item Injection, z.B. Kontaktformular`
			`\item Cross-Site Scripting`
			`\item SSRF`
			`\item Diebstal der Logs`
			`\item Zugriff auf das Hostsystem`
			`\item Denial of Service`
			`\item DNS flooding`
			`\item DNS hijacking`
			`\item Domain stehlen`
			`\end{enumerate}`