rspec/rules/S6329/see.adoc

== See

* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control
* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html[AWS Documentation] - Amazon EC2 instance IP addressing
* https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.PublicPrivate.html[AWS Documentation] - Public and private replication instances
* https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[AWS Documentation] - VPC Peering
* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control
* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere
* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control
Create rule S6329: Assigning public IP address to an AWS resource is security-sensitive (#202) 2021-09-13 14:01:24 +02:00			`== See`

RULEAPI-709: Security rules are mapped to the OWASP Top 10 2021 security-standard (#545) 2021-11-01 15:00:32 +01:00			`* https://owasp.org/Top10/A01_2021-Broken_Access_Control/[OWASP Top 10 2021 Category A1] - Broken Access Control`
Create rule S6329: Assigning public IP address to an AWS resource is security-sensitive (#202) 2021-09-13 14:01:24 +02:00			`* https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html[AWS Documentation] - Amazon EC2 instance IP addressing`
			`* https://docs.aws.amazon.com/dms/latest/userguide/CHAP_ReplicationInstance.PublicPrivate.html[AWS Documentation] - Public and private replication instances`
Modify rule S6329: Turn into generic rule (#655) * Create rule S6392 * Add first draft * improve title * add last commit to this PR regarding public network access * add metadata tags * changed title * converted ask yourself into generic cloud * converted description into generic cloud * moved aws links to see * converted recommended to generic cloud * convertion of recommended -- added a special case * add cwe * add note in recommended section, not sure about this one * add another cwe * add first version of rule conversion * final rule version * removed leftover code * Update rules/S6329/description.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * Update rules/S6329/terraform/rule.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * changed case for bulleted list * improved specs after review * removed potential confusion * changed company<->organization * Update rules/S6329/ask-yourself.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * Update rules/S6329/description.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2022-02-07 11:00:36 +01:00			`* https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html[AWS Documentation] - VPC Peering`
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/284[MITRE, CWE-284] - Improper Access Control`
			`* https://cwe.mitre.org/data/definitions/668[MITRE, CWE-668] - Exposure of Resource to Wrong Sphere`
Modify rule S6329: Turn into generic rule (#655) * Create rule S6392 * Add first draft * improve title * add last commit to this PR regarding public network access * add metadata tags * changed title * converted ask yourself into generic cloud * converted description into generic cloud * moved aws links to see * converted recommended to generic cloud * convertion of recommended -- added a special case * add cwe * add note in recommended section, not sure about this one * add another cwe * add first version of rule conversion * final rule version * removed leftover code * Update rules/S6329/description.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * Update rules/S6329/terraform/rule.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * changed case for bulleted list * improved specs after review * removed potential confusion * changed company<->organization * Update rules/S6329/ask-yourself.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> * Update rules/S6329/description.adoc Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: loris-s-sonarsource <loris-s-sonarsource@users.noreply.github.com> Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com> Co-authored-by: Nils Werner <64034005+nils-werner-sonarsource@users.noreply.github.com> 2022-02-07 11:00:36 +01:00			`* https://owasp.org/www-project-top-ten/2017/A5_2017-Broken_Access_Control[OWASP Top 10 2017 Category A5] - Broken Access Control`