From 6646fc744d16a82811379ed01ad63654e4af7c0b Mon Sep 17 00:00:00 2001 From: nav6402 <117363209+nav6402@users.noreply.github.com> Date: Mon, 27 Nov 2023 13:25:09 -1000 Subject: [PATCH] #207 User Submitted Bugs (#208) --- src/ontology/d3fend-protege.ttl | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/src/ontology/d3fend-protege.ttl b/src/ontology/d3fend-protege.ttl index 2ec76417..124d17b5 100644 --- a/src/ontology/d3fend-protege.ttl +++ b/src/ontology/d3fend-protege.ttl @@ -3089,8 +3089,7 @@ Google Developers. (n.d.). Clustering Algorithms. [Link](https://developers.goog rdfs:label "Certificate-based Authentication" ; rdfs:subClassOf :CredentialHardening ; :d3fend-id "D3-CBAN" ; - :definition "Requiring a digital certificate in order to authenticate a user." ; - :kb-reference :Reference-TokenlessBiometricTransactionAuthorizationMethodAndSystem . + :definition "Requiring a digital certificate in order to authenticate a user." . :CertificateAnalysis a :CertificateAnalysis, :NetworkTrafficAnalysis, 
@@ -3127,18 +3126,16 @@ TLS certificates are designed to expire to ensure that the cryptographic keys ar owl:onProperty :authenticates ; owl:someValuesFrom :PublicKey ] ; :d3fend-id "D3-CP" ; - :definition "Persisting either a server's X509 certificate or their public key and comparing that to server's presented identity to allow for greater client confidence in the remote server's identity for SSL connections." ; + :definition "Persisting either a server's X.509 certificate or their public key and comparing that to server's presented identity to allow for greater client confidence in the remote server's identity for SSL connections." ; :kb-article """## How it works Pinning allows for a trusted copy of a certificate or public key to be associated with a server and thus reducing the likelihood of frequently visited sites being subjected to man-in-the-middle attacks. Certificates or public keys can be pinned after a trusted connection has been established or the pinning can be preloaded in an application, which is the preferred method for mobile applications. Pinning can take the form of certificate pinning or public key pinning. ## Forms of Pinning -* Certificate Pinning -Certificate Pinning (CP) allows for the client to verify the X509 certificate with a preloaded certificate. Typically, this is involves storing a hash of the certificate and using the stored hash for comparison to the hash of the certificate submitted during the SSL handshake. +* Certificate Pinning (CP) allows for the client to verify the X.509 certificate with a preloaded certificate. Typically, this is involves storing a hash of the certificate and using the stored hash for comparison to the hash of the certificate submitted during the SSL handshake. -* Public Key Pinning -Public Key Pinning (PKP) requires the extraction of a public key from server's certificate. The stored public key is compared to the server's presented public key. 
A public key is expected to rotate less frequently than an X509 certificate and is generally favored over certificate pinning. +* Public Key Pinning (PKP) requires the extraction of a public key from server's certificate. The stored public key is compared to the server's presented public key. A public key is expected to rotate less frequently than an X.509 certificate and is generally favored over certificate pinning. An extension of PKP is Subject Public Key Information Pinning (SPKI) includes public key pinning plus additional information for SSL connections. The additional information can include preferred algorithms. @@ -3149,7 +3146,8 @@ An extension of PKP is Subject Public Key Information Pinning (SPKI) includes pu * Servers can become unavailable if pinned objects are set and not updated with the rotated identities. This may require a pinning strategy to be developed. * The application of this technique within web browser applications has been [deprecated](https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning) by popular web browser developers. They now favor certificate analysis via public certificate transparency logs, and the EXPECT-CT HTTP header.""" ; :kb-reference :Reference-CertificateAndPublicKeyPinning, - :Reference-End-to-endCertificatePinning . + :Reference-End-to-endCertificatePinning, + :Reference-PublicKeyPinningExtensionForHTTP . :CertificateTrustStore a owl:Class ; rdfs:label "Certificate Trust Store" ; 
@@ -13964,7 +13962,7 @@ Administrators collect information on network nodes in their architecture using ## Considerations * Scanning and probing techniques using mapping tools can result in side effects to information technology (IT) and operational technology (OT) systems. -* An adversary conducting network enumeration may engage in activities that parallel normal hardware inventorying activities, but would require escalating to admin privileges for most of the operations requiting administrative tools +* An adversary conducting network enumeration may engage in activities that parallel normal network node inventorying activities, but would require escalating to admin privileges for most of the operations requiting administrative tools ## Examples * Link-layer discovery 
@@ -23590,7 +23588,7 @@ Attestation of the secure boot occurs when a verifying entity requests a Quote w :d3fend-id "D3-TAAN" ; :definition "Validating that server components of a messaging infrastructure are authorized to send a particular message." ; :kb-article """## How it works -Transfer Agent Authentication can be accomplished in different ways for depending on the protocol. In Email, Sender Policy Framework (SPF), Domain Key Identified Email (DKIM) or Domain-based Message Authentication Reporting and Conformance (DMARC) to validate sender domain ownership. +Transfer Agent Authentication can be accomplished in different ways for depending on the protocol. In Email, Sender Policy Framework (SPF), Domain Key Identified Email (DKIM) or Domain-based Message Authentication Reporting and Conformance (DMARC) are used to validate sender domain ownership. ### SPF SPF protocol allows for mail domain owners to specify the mail servers they use when sending email. SPF requires the use of SPF records published in the Domain Name System (DNS). The records record the authorized IPs for email senders. SPF uses the return-path address for domain IP identification. Email that is forwarded may cause the return-path validation problems. 
@@ -27608,6 +27606,16 @@ Powershell can be used to hide monitored command line execution such as: :kb-reference-of :ProcessSuspension ; :kb-reference-title "PsSuspend" . +:Reference-PublicKeyPinningExtensionForHTTP a owl:NamedIndividual, + :PatentReference ; + rdfs:label "Reference - Public Key Pinning Extension for HTTP" ; + :has-link "https://datatracker.ietf.org/doc/html/rfc7469"^^xsd:anyURI ; + :kb-abstract "RFC 7469 describes an HTTP extension that allows web host operators to instruct user agents to remember ('pin') the hosts' cryptographic identities over a period of time. This decreases the risk of MITM attacks due to compromised Certificate Authorities." ; + :kb-author "C. Evans, C. Palmer, R. Sleevi" ; + :kb-organization "Internet Engineering Task Force (IETF)" ; + :kb-reference-of :CertificatePinning ; + :kb-reference-title "Public Key Pinning Extension for HTTP" . + :Reference-QualysNetworkPassiveSensorGettingStartedGuide a owl:NamedIndividual, :UserManualReference ; rdfs:label "Reference - Qualys Network Passive Sensor Getting Started Guide" ;
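Review bot: the new `:Reference-PublicKeyPinningExtensionForHTTP` individual is typed `:PatentReference`, but the document it points to is an IETF RFC (RFC 7469, `:kb-organization "Internet Engineering Task Force (IETF)"`), not a patent; the neighbouring individual in the same hunk uses `:UserManualReference`, so the ontology distinguishes reference kinds and this one should carry whatever class the ontology already uses for standards or specification documents rather than `:PatentReference`. The `:kb-reference-of :CertificatePinning` link does match the `:kb-reference` added on the `:CertificatePinning` side, so the two directions stay consistent.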
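Review bot: in the `@@ -3089` hunk, dropping `:kb-reference :Reference-TokenlessBiometricTransactionAuthorizationMethodAndSystem` from `:CertificateBasedAuthentication` is only half of the link; the reference individuals in this file carry the inverse `:kb-reference-of` (see the new individual later in this patch), so the corresponding `:kb-reference-of :CertificateBasedAuthentication` on that reference individual should be removed in the same change, or the two directions will disagree.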
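Review bot: in the `@@ -3127` hunk the rewritten Certificate Pinning bullet still carries the typo "Typically, this is involves storing a hash" from the removed line; since the line is being rewritten anyway, change it to "Typically, this involves storing a hash". The Public Key Pinning bullet likewise keeps "from server's certificate", which should read "from the server's certificate".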
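Review bot: in the `@@ -13964` hunk the rewritten bullet keeps "requiting administrative tools" from the old line; "requiting" should be "requiring", and the bullet should end with a period like the bullet above it.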
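Review bot: in the `@@ -23590` hunk, adding "are used" fixes the main verb but leaves "in different ways for depending on the protocol", where "for" is a stray word and should be dropped. The same line expands DKIM as "Domain Key Identified Email"; the standard's name is "DomainKeys Identified Mail", so correct the expansion while this line is being touched.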