From 025fe3667419ccb115a48b55677badfb72a1b5a6 Mon Sep 17 00:00:00 2001 From: kazmik23 Date: Thu, 24 Oct 2024 12:03:05 -0500 Subject: [PATCH] Create threats.yaml threats.yaml for cloud functions --- .../compute/serverless-computing/threats.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 services/compute/serverless-computing/threats.yaml diff --git a/services/compute/serverless-computing/threats.yaml b/services/compute/serverless-computing/threats.yaml new file mode 100644 index 00000000..a6b26210 --- /dev/null +++ b/services/compute/serverless-computing/threats.yaml @@ -0,0 +1,18 @@ +common_threats: + - CCC.TH01 # Access control is misconfigured + - CCC.TH02 # Data is intercepted in transit + - CCC.TH03 # Deployment region network is untrusted + - CCC.TH04 # Data is replicated to untrusted or external locations + - CCC.TH05 # Data is corrupted during replication + - CCC.TH06 # Data is lost or corrupted + - CCC.TH07 # Logs are Tampered With or Deleted + - CCC.TH08 # Cost Management Data is Manipulated + - CCC.TH09 # Logs or Monitoring Data are Read by Unauthorized Users + - CCC.TH10 # Alerts are Intercepted + - CCC.TH11 # Event Notifications are Incorrectly Triggered + - CCC.TH12 # Resource constraints are exhausted + - CCC.TH13 # Resource Tags Are Manipulated + - CCC.TH14 # Older Resource Versions Are Exploited + - CCC.TH15 # Automated Enumeration and Reconnaissance by Non-Human Entities + +# No serverless-specific threats as of yet