9a1e66b9-800f-4177-93a0-d333300ea518
Esempio
true
0
19a964b4-0a16-49e2-99b7-5dc91d54d6b5
Business Objectives
f257e2f3-fcc2-406c-a84c-b7d1c6ae96df
Application Decomposition
ea94e193-e5cc-4b69-8f1f-0eefcdc89985
Roles
b9216bbd-ecc0-421e-9f5e-6819fa849038
User Roles
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
Admin
987d67e3-823d-43ac-bcdb-13cfe6230d37
Utente non registrato
0f3552aa-3190-498a-a33f-bef19102e7de
Service Roles
ab2aac2a-33eb-48c6-8127-5a236b92a84b
web-site Role
Anonymous
1-5
f976593a-a633-4bc7-98d7-dfdbdb02cebb
NETWORK_SERVICE
64bfa089-8150-4937-99fe-2f135b5a5f03
web-service Role
d7e9c5a2-9fff-4421-8031-db55eec3fa07
NETWORK_SERVICE
0e63d3d1-2e0f-4684-8cbb-da138b4f56d6
database Role
d82da133-0bac-4f3a-93fd-d0959ed22203
SYSTEM
b235e3f0-45b2-4fb6-95e9-b0f6d007b5d9
Components
42e9fe35-ba29-4e3d-a135-4994b5ceb3ed
web-site
true
728bea27-0438-45cc-aea7-a8bc6208609a
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
987d67e3-823d-43ac-bcdb-13cfe6230d37
404b751c-da61-428e-97f7-bcb279126328
7591314b-d3f0-48d7-aec4-cb7b63e51fff
8b44934f-9fd1-4137-91b5-8e998ebc508e
548fa953-ef4f-4153-9ade-2605b11b7a3a
f976593a-a633-4bc7-98d7-dfdbdb02cebb
Website
Windows Server 2003
e187c930-bff9-46f1-85ff-fe3e9571e4b1
admin client
true
728bea27-0438-45cc-aea7-a8bc6208609a
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
548fa953-ef4f-4153-9ade-2605b11b7a3a
8b44934f-9fd1-4137-91b5-8e998ebc508e
2bba0a9a-2059-4cb3-b955-daade7c08aa0
00000000-0000-0000-0000-000000000000
Thick Client
Windows XP
af3d5a44-642d-4b9a-b335-8992aac33a1d
database server
true
728bea27-0438-45cc-aea7-a8bc6208609a
64bfa089-8150-4937-99fe-2f135b5a5f03
38eafd1a-25ec-4bb4-88c3-6e771e4b030f
8b44934f-9fd1-4137-91b5-8e998ebc508e
d82da133-0bac-4f3a-93fd-d0959ed22203
Database
SQL Server 2005
307b6d7c-4bfc-49cf-9e46-88ddf2c10ba9
web-service
true
728bea27-0438-45cc-aea7-a8bc6208609a
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
987d67e3-823d-43ac-bcdb-13cfe6230d37
548fa953-ef4f-4153-9ade-2605b11b7a3a
38eafd1a-25ec-4bb4-88c3-6e771e4b030f
d7e9c5a2-9fff-4421-8031-db55eec3fa07
Web Service
.NET Framework 2.0
a7706771-16bd-456c-9cf1-e10ff4c41472
admin web-service
true
728bea27-0438-45cc-aea7-a8bc6208609a
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
548fa953-ef4f-4153-9ade-2605b11b7a3a
38eafd1a-25ec-4bb4-88c3-6e771e4b030f
2bba0a9a-2059-4cb3-b955-daade7c08aa0
d7e9c5a2-9fff-4421-8031-db55eec3fa07
Web Service
.NET Framework 2.0
52ee13d4-bfe5-4ea7-998b-002c90849479
Application Data
728bea27-0438-45cc-aea7-a8bc6208609a
Informazioni prodotto
373b7552-18c9-42ed-a08d-4c87e8cee4b8
Conditional Access Control Group
037a1969-f792-4fb0-be8c-071b9ef42b8f
Conditional Access Control1
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
true
true
true
true
false
6ece9190-c681-4464-b53b-9df24821cacc
Conditional Access Control2
987d67e3-823d-43ac-bcdb-13cfe6230d37
false
true
false
false
false
a2cf9c3b-0e3c-4f08-8785-1e20e123c4a5
Conditional Access Control3
64bfa089-8150-4937-99fe-2f135b5a5f03
false
true
false
false
false
a2b8310f-083a-4ab4-9410-a6d09c27084e
Conditional Access Control4
ab2aac2a-33eb-48c6-8127-5a236b92a84b
false
true
false
false
false
0cabd64b-025a-4cdc-be9e-78b45120a4d9
External Dependencies Group
9dca6c34-e6e5-47ac-aa95-bbe48715fa99
Application Use Cases Group
7b29c87d-a49c-4a4e-aa99-210efd3df0b4
Visualizzazione del catalogo
false
true
false
false
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
987d67e3-823d-43ac-bcdb-13cfe6230d37
52288529-7e33-4ed5-8fbf-9816fb737db9
Utente non registrato visualizza catalogo web-site
987d67e3-823d-43ac-bcdb-13cfe6230d37
987d67e3-823d-43ac-bcdb-13cfe6230d37
00000000-0000-0000-0000-000000000000
42e9fe35-ba29-4e3d-a135-4994b5ceb3ed
Delegate Caller
visualizza catalogo
00124254-c400-47b2-9304-3eaba1190397
Data Effects
728bea27-0438-45cc-aea7-a8bc6208609a
889d4bbd-ef64-4787-b47e-39f10b0f5af0
Admin visualizza catalogo web-site
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
00000000-0000-0000-0000-000000000000
42e9fe35-ba29-4e3d-a135-4994b5ceb3ed
Delegate Caller
visualizza catalogo
31ec727e-27f7-4d2c-a2b0-bf643b7e8cba
Data Effects
728bea27-0438-45cc-aea7-a8bc6208609a
a565ba4a-29c4-44a9-b1d4-a6ce5703fc95
web-site ottiene i dati web-service
987d67e3-823d-43ac-bcdb-13cfe6230d37
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
42e9fe35-ba29-4e3d-a135-4994b5ceb3ed
00000000-0000-0000-0000-000000000000
307b6d7c-4bfc-49cf-9e46-88ddf2c10ba9
Delegate Caller
ottiene i dati
dbb60de7-ebad-4619-a331-96a23436b110
Data Effects
728bea27-0438-45cc-aea7-a8bc6208609a
d141f2f6-ba47-4eef-80f1-618065371d14
web-service richiesta catalogo database server
987d67e3-823d-43ac-bcdb-13cfe6230d37
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
307b6d7c-4bfc-49cf-9e46-88ddf2c10ba9
00000000-0000-0000-0000-000000000000
af3d5a44-642d-4b9a-b335-8992aac33a1d
Delegate Caller
richiesta catalogo
28ab8a24-5b84-4e9c-b6de-35ddeb052a83
Data Effects
5f4c4b03-9763-4810-bab3-077f70737935
Data Effect1
false
true
false
false
728bea27-0438-45cc-aea7-a8bc6208609a
728bea27-0438-45cc-aea7-a8bc6208609a
728bea27-0438-45cc-aea7-a8bc6208609a
81f48c6a-3ae3-40e9-8118-82ef1857c29e
Aggiunta di nuovi prodotti al catalogo
true
false
false
false
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
3ebebfa3-9907-4ecf-bdcf-3dd5198c3abd
Admin inserimento delle informazioni del nuovo prodotto admin client
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
00000000-0000-0000-0000-000000000000
e187c930-bff9-46f1-85ff-fe3e9571e4b1
Delegate Caller
inserimento delle informazioni del nuovo prodotto
38618c2b-6465-4d45-8f8e-30ec47e0fc03
Data Effects
728bea27-0438-45cc-aea7-a8bc6208609a
79dc9fd6-3072-4987-9d6d-f6cfd1af769f
admin client invio delle informazioni admin web-service
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
e187c930-bff9-46f1-85ff-fe3e9571e4b1
00000000-0000-0000-0000-000000000000
a7706771-16bd-456c-9cf1-e10ff4c41472
Delegate Caller
invio delle informazioni
eaa316de-1732-451e-a59e-bd4b322e861c
Data Effects
728bea27-0438-45cc-aea7-a8bc6208609a
68a68a6f-5090-4cce-84ad-a69ce4ebb7a9
admin web-service registrazione informazioni database server
64bfa089-8150-4937-99fe-2f135b5a5f03
a7706771-16bd-456c-9cf1-e10ff4c41472
d7e9c5a2-9fff-4421-8031-db55eec3fa07
af3d5a44-642d-4b9a-b335-8992aac33a1d
Impersonate
registrazione informazioni
8f5ec0b5-3cad-43f9-9b3f-70e191eb4974
Data Effects
74298618-a883-436a-8701-e87ff7d66c22
Data Effect1
true
false
false
false
728bea27-0438-45cc-aea7-a8bc6208609a
728bea27-0438-45cc-aea7-a8bc6208609a
728bea27-0438-45cc-aea7-a8bc6208609a
a856ad7d-c662-4eee-9e14-a454113dfe1f
Attack Library
000ed319-570b-4ae1-bfa4-f7a8848e3a3c
Attacks
9fd9aa32-287c-4eef-8325-5ba97cf0d901
Buffer Overflow
A buffer overrun occurs when a buffer declared on the stack is overwritten by copying data larger than the buffer. Variables declared on the stack are located next to the return address for the function’s caller. The usual culprit is unchecked user input passed to a function such as strcpy, and the result is that the return address for the function gets overwritten by an address chosen by the attacker. In a normal attack, the attacker can get a program with a buffer overrun to do something he considers useful, such as binding a command shell to the port of their choice.
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03102004.asp>
The most common way to detect potential Buffer Overflow attacks are listed below:
1. Identify all entry points of the application that collect user input via text boxes, command line parameters etc.
2. Provide exceedingly long input via all entry points [For e.g AAAAAAAAA….] and submit the request.
3. If the long input that you provided results in buffer overflow attack, you would receive an exception message in the below format.
Note: If you don’t have a development environment on your system, this information will be logged in the Dr. Watson logs.
3267153d-a278-4888-8536-8039d0952d36
Use of unsafe functions (in unmanaged code)
The standard string manipulation functions (unsafe functions) that are supplied by C/C++ language runtime libraries do not prevent writing beyond the end of buffers. This vulnerability does exist when application uses unsafe functions (strcat, strcpy, sprintf, and so on) in the code.
1. Identify the code in the application which uses inherently unsafe functions (strcat, strcpy, sprintf, and so on).
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winui/winui/windowsuserinterface/resources/strings/usingstrsafefunctions.asp>
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
Use safe functions such as strncpy, strncat instead of strcpy, strcat
You can eliminate many potential buffer overruns by using the kernel-mode safe string functions instead of the standard string manipulation functions. The kernel-mode safe string functions are prototyped in Ntstrsafe.h; this header file and the associated library, Ntstrsafe.lib, are provided in the Windows DDK for Windows XP SP1 and later versions of Windows. (A corresponding set of safe string functions for user-mode applications is prototyped in Strsafe.h. For more information about these functions, see the Platform SDK.)
The kernel-mode safe string functions take the size of the destination buffer as an input parameter, to ensure that the function does not write past the end of the buffer. These functions also null-terminate all output strings, to avoid problems caused by a missing null terminator. To make checking return values simpler and more consistent, all safe string functions return an NTSTATUS value with only one possible success code, STATUS_SUCCESS.
Each kernel-mode safe string function is available in both byte-counted and character-counted versions (RtlStringCbXxx and RtlStringCchXxx) as well as versions for double-byte Unicode characters and single-byte ANSI characters (RtlStringXxxW and RtlStringXxxA), to make handling mixed Unicode and ANSI strings easier. Most functions are also available in an extended version (RtlStringXxxEx) that provides advanced functionality, such as filling the destination buffer after the null terminator.
More information:
· <http://www.microsoft.com/whdc/driver/tips/SafeString.mspx>
· <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/kmarch/hh/kmarch/Other_2fe131c8-834b-4fff-a1c8-3803eeb9324c.xml.asp>
1. Replace all the unsafe functions implementation with safe functions in the application code.
Example:
The buffer overrun caused by Unicode and ANSI buffer size mismatches is somewhat common on Windows platforms. It occurs if you mix up the number of elements with the size in bytes of a Unicode buffer. There are two reasons it’s rather widespread: Windows NT and later support ANSI and Unicode strings, and most Unicode functions deal with buffer sizes in wide characters, not byte sizes.
The most commonly used function that is vulnerable to this kind of bug is MultiByteToWideChar. Take a look at the following code:
BOOL GetName(char *szName)
{
WCHAR wszUserName[256];
// Convert ANSI name to Unicode.
MultiByteToWideChar(CP_ACP, 0,
szName,
-1,
wszUserName,
sizeof(wszUserName));
// Snip
}
The problem is the last argument of MultiByteToWideChar. The documentation for this argument states: “Specifies the size, in wide characters, of the buffer pointed to by the lpWideCharStr parameter.” The value passed into this call is sizeof(wszUserName), which is 256, right? No, it’s not. wszUserName is a Unicode string; it’s 256 wide characters. A wide character is two bytes, so sizeof(wszUserName) is actually 512 bytes. Hence, the function thinks the buffer is 512 wide characters in size. Because wszUserName is on the stack, we have a potential exploitable buffer overrun.
Here’s the correct way to write this function
MultiByteToWideChar(CP_ACP, 0,
szName,
-1,
wszUserName,
sizeof(wszUserName) / sizeof(wszUserName[0]));
true
0
6d915115-703d-40ea-b537-fe6e41a91198
Using safe functions incorrectly
Programmers who attempt to use relatively safe functions such as strncpy do not necessarily make their programs much more secure from overflows. Errors in counting the size of the buffer can occur usually resulting in a single byte overflow known as an off-by-one.
Consider the following program where the programmer has mistakenly utilized “less than or equal to” rather than simply “less than.”
#include <stdio.h>
int i;
void vuln(char *foobar)
{
char buffer [512];
for (i=0;i<=512;i++)
buffer[i]=foobar[i];
}
void main(int argc, char *argv[])
{
if (argc==2)
vuln(argv[1]);
}
In this case, the stack will appear as:
While one is unable to overwrite EIP because the overflow is only one-byte, one can overwrite the least-significant byte of EBP because it is a little-endian system. For example, if the overflow byte is set to 0x00, the Old EBP will be set to 0x0012FF00.
Depending on the code, the fake EBP may be used in a variety of manners. Often, a mov esp, ebp will follow causing the stack frame pointer to now be in the location of buffer. Thus, buffer can be constructed to hold local variables, an EBP, and more importantly an EIP that redirects to the malicious code. The local variables of the fake stack frame will be processed and the program will continue execution at the fake return EIP, which has been set to injected code located in the stack. Thus, a single byte overflow may allow arbitrary code execution.
1. Identify the code that makes use of safe functions.
2. Check the size of the data before copying it to the destination buffer. If not, this can lead to buffer overflow exploitation.
b287c964-8560-4add-90c3-d86f1b08437c
Validation on input should be performed on the input
Many functions, messages, and macros use strings in their parameters. However, often the strings are not checked for null-termination or for length. A related concern is miscalculating the length of a string or buffer. In either case, this can lead to buffer overflow or data truncation, which can affect your application adversely.
To handle strings in a safe manner, you should do the following:
Ø Check strings for null-termination or for the proper length, as appropriate.
Ø Take special care to determine the length of a string or buffer, especially when it is a TCHAR.
Ø If you create a string or use a string that was used previously, initialize it to zero or insert a null-terminator, as appropriate.
In addition, consider using the StrSafe functions when dealing with strings. These functions are designed to handle strings safely.
Users who enter incorrect data can disrupt your application, whether or not they intend to do so. Thus, the cardinal rule is that all input must be validated.
Of primary concern is string data, which is discussed in String Considerations. However, all types of input should be validated before being used by your application. Another concern is when data is validated at one point but changes before it is used, for example, when receiving messages that give the length of text. So, if there is a chance the data might change, you should check the data just before you use it
true
0
7591314b-d3f0-48d7-aec4-cb7b63e51fff
43205c65-a978-46f7-bd0e-dd25926b5950
Canonicalization
Different forms of input that resolve to the same standard name (the canonical name), is referred to as canonicalization. Code is particularly susceptible to canonicalization issues if it makes any decisions based on the name of a resource that is passed to the program as input. Files, paths, and URLs are resource types that are vulnerable to canonicalization because in each case there are many different ways to represent the same name.
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh04.asp>
The most common way to detect the potential of a Canonicalization attack:
1. Identify entry points that collect user input for file paths, url’s in text boxes, query string parameters, etc.
2. Try to enter the following strings which could represent the same file and submit the request.(valid file name is somefile.dat)
c:\temp\subdir\..\somefile.dat
c:\ temp\ somefile.dat
..\somefile.dat
c%3A%5Ctemp%5Csubdir%5C%2E%2E%5Csomefile.dat
3. If the application accepts the above mentioned different forms of file names application is vulnerable to Canonicalization.
4. Please note that the exception/error messages/control flow/program flow may be logged therefore simply checking the UI will not be sufficient.
1fbc13ae-74fd-4d60-8438-71e43279f43f
Allowing an untrusted source to specify the name of a file resource
The applications that accept input file names from the user. For example:
strTheFile = Request.QueryString["filename"].ToString();
File.Delete(strTheFile);
Identify code in the application which accepts\builds file names, url paths dynamically.
d79e7276-2036-4b5f-ab8a-6f7edb387a30
Only accept primitive typed identified (e.g., integers) which are mapped to filenames
Accept Filepath/URL as primitive types (GUID, Integers) rather than accepting as files names.
The following C# code sample will demonstrate how to get a file name from the user supplied id’s. This prevents user from entering invalid characters and malformed URLs. Therefore, you can avoid common canonicalization issues. Note the below code snippet is a generic example where in you can securely consume integer as an input from the user & map it to the filename. For more scalable solution, this mapping can be done in the backend database.
Private void GetMap( string file )
{
int id;
try
{
id = int.Parse(file);
}
catch (Exception ex)
{
return;
}
file = this.idToFilename(id);
if (file == "")
return;
string path = Server.MapPath("");
string filename = path+"\\"+file;
FileStream fs = new FileStream( filename, FileMode.Open,
FileAccess.Read);
byte[] MyData = new byte[fs.Length];
fs.Read(MyData, 0, (int)fs.Length);
fs.Close();
fs = null;
Response.Buffer = true;
Response.BinaryWrite(MyData);
}
private string idToFilename(int id)
{
switch(id)
{
case 1:
return "seattle.gif";
case 2:
return "bellevue.gif";
case 3:
return "kirkland.gif";
default:
return "";
}
}
true
0
0dd62a38-b3bb-45c8-9009-3bcbf07d80d1
Validate supplied filename with the filename of the resolved absolute path
When a Filepath/URL is received by a Web server, the server maps the request value to a file system path that determines the control decisions. The canonicalization routine that is used to map the request value must correctly parse the URL to avoid serving or processing unexpected content.
The following C# code sample demonstrate how to add an Application_BeginRequest event handler to a Global.asax file. This event handler helps prevent invalid characters and malformed URLs by performing path verifications. Therefore, you can avoid canonicalization issues.
<script language="C#" runat="server">
void Application_BeginRequest(object source, EventArgs e) {
if (Request.Path.IndexOf('\\') >= 0 ||
System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {
throw new HttpException(404, "not found");
}
}
</script>
GO
More information:
a. <http://support.microsoft.com/kb/887459/#XSLTH4139121121120121120120>
b. <http://support.microsoft.com/kb/887289> : HTTP module to check for canonicalization issues with ASP.NET.
false
0
5072626b-5643-4b84-973c-9d6180d06c21
f6aa925f-2482-46a5-8bd6-5ab05a0e20a2
Cross-Site Scripting (XSS)
Cross-site script (XSS) attacks can occur whenever a users input is echoed back to the browser without adequate validation, sanitization or encoding, enabling an attacker to supply input which the victim's browser interprets as client-side script originating from the vulnerable application.
The XSS attacks could be categorized as persistent or non-persistent.
In the "direct" or "persistent" scenario, the attacker posts malicious data to the web server which is stored and later replayed to the victim. In the "indirect" or "non-persistent" scenario, the attacker supplies the victim with a URL or HTML form which contains malicious script. The victim's browser passes the malicious script to the vulnerable site, which replays it to the victim's browser. In both cases, the script is executed in the trust context of the vulnerable site.
Typical XSS exploits target the victim's cookies, transmitting them to the attacker so that the attacker can impersonate the victim on the vulnerable site. In general, XSS exploits enable attackers to take arbitrary actions on the vulnerable site on the victim's behalf. In the worst-case scenario, an attacker can use XSS to seize remote control of the victim's computer
How-to-test-for:
The most common way to detect the potential of a XSS attack:
1. Identify entry points that collect user input such as Form inputs [e.g text boxes], query string parameters, etc.
2. Check if the user input is echoed back to the browser.
3. Insert “<script>alert(‘XSS’);</script>” as an input and submit the request.
4. If this pops up an alert box saying “XSS” attack was successful.
5. Depending on the context of the output this payload might need more tweaking. Do a View Source to find where & how the input was echoed back.
6. Presence of the input without encoding in the source indicates XSS vulnerability.
c7f36054-43fd-4e0a-b3bb-ee3753e20c13
Ineffective or lacking encoding
The application echoes back the user input without encoding. As example:
<%
Response.Write(Request.QueryString["userinput"]);
%>
The application echoes back the user input without effective encoding. In the example shown below Server.HTMLEncode will not help as it encodes only the four characters; < > & and “, and the attacker does not need any of these in JavaScript context:
<script language=”javascript”>
var id = <%=Server.HTMLEncode(Request.QueryString["userinput"]) %>;
</script>
1. Identify code in the application where user input is echoed back to the user without effective encoding.
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
Perform context sensitive encoding
Proper context sensitive encoding of data renders the malicious characters ineffective needed to open and work within a scripting context.
1. Use AntiXSS (http://msdn2.microsoft.com/en-us/security/aa973814.aspx) or any other encoding library to encode the input depending on the context it is output to.
.NET Framework (C#) example for different contexts:
a. HTML body
<%
Response.Write( AntiXss.HtmlEncode(Request.QueryString["userinput"]) );
%>
b. HTML attribute
<html>
<img src=”/users/user.gif” id=<% =AntiXss.HtmlAttributeEncode(Request.Form["userinput"]) %>>
</html>
c. Javascript block
<script language="javascript">
var id = <%=AntiXss.JavaScriptEncode(Request.Querystring["userinput"]) %>;
</script>
true
0
1a1ef139-6af6-4769-95a8-4244d6e1eb98
Ineffective or lacking input validation
User input is not validated on the server-side or the validation is inappropriate. Input validation can follow the principle of exclusions or the principle of inclusions. The principle of exclusions defines an exclusion list of characters that are unacceptable whereas under the principle of inclusions one defines an inclusion list of acceptable characters. The appropriate validation is done by following the principle of inclusions.
1. Identify user input that is being echoed to the browser without being validated. Example:
<% Response.Write(Request.QueryString["userinput"]); %>
2. Identify user input that is only being validated on the client side (for example, using JavaScript).
3. Identify user input that is being validated against an inclusion list of unacceptable characters. For example an application that rejects the “<script>” tag as a validation guard for potential XSS attack.
4. Identify user input that is being saved to the database without being validated.
Note: This could result in persistent XSS attack in case an application assumes the database to have good data and does not encode it before outputting to the client.
987228bc-e382-4083-8371-3623cabb2015
Untrusted input should be validated against an inclusion list
For each input, define what is acceptable through either a regular expression, a list of acceptable characters, domain constrains or type casting and enforce this validation on the server side.
This can be implemented by one or more means. For example, one can:
1. Build a regular expression that defines an inclusions list of acceptable character sequences. For example: Name must contain between 1 and 40 alphanumeric characters and (optionally) special characters such as apostrophes for names such as O'Dell
if (Regex.IsMatch(Request.Form["name"],@"^[\p{L}\p{Zs}\p{Lu}\p{Ll}\']{1,40}$"))
{
// validation passed
}
else
{
// validation failed
}
2. If the input is of a primitive type, one can cast it. For example:
int x = int.Parse(Request.Form(“param”))
3. If the input can only be from a small (but varying) domain, one can define conditional statements to validate them. For example:
if ( (Request.Form(“favColor”) == “RED”) || (Request.Form(“favColor”) == “ORANGE”) )
{
// validation passed
}
else
{
// validation failed
}
false
0
404b751c-da61-428e-97f7-bcb279126328
9b3ee179-2671-4a19-be1f-d80b13db845b
Cryptanalysis Attacks
Cryptanalysis is the science of cracking codes, decoding secrets, violating authentication schemes and breaking cryptographic protocols. It is also the science devoted to finding and correcting weaknesses in cryptographic algorithms. It is understood within the field of Cryptology that an algorithm should not rely on its secrecy. An algorithm should always be made available for public scrutiny. It is this scrutiny that will make it a well trusted algorithm. Inevitably, vulnerability in the algorithm will be exploited.
The most common way to detect the potential of a Cryptanalysis attack:
1. Check for the algorithm which is used for encryption in the application
2. Check for any custom algorithms are being used in the application
3. Check the bit length of Keys that are used for encryption
4. Check for how the Keys are secured and maintained
80409116-8e2c-420d-8f5b-08073e5e3ca2
Custom implementation of algorithm
Custom algorithms are not good to use for encryption/hashing, because these algorithms may be easily predictable and may be prone to compromise. Custom algorithm is an algorithm which is not standardized and published.
1. Check whether custom encryption algorithms are used by the application/ components.
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
Use well-known implementations of well-known cryptographic algorithms
With the help of .NET Cryptography namespace classes we can implement a safe way of encryption/decryption. (like 3DES, AES etc.,)
1. Use any Security.Cryptography name space class for encryption
Sample Code Snippet for 3DES algorithm:
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
CryptoStream encStream = new CryptoStream(fout,tdes.CreateEncryptor(tdesKey, tdesIV), CryptoStreamMode.Write);
Console.WriteLine("Encrypting...");
… etc.,
true
0
14c94e4b-ba62-4b62-9e54-f809d6a0d5f2
Use of weak keys (e.g., key length)
In cryptography, a weak key is a key which can be compromised with less effort & time through brute force attack. The strength of Cryptographic algorithm depends on the key length. Hence the key length should be large enough as per the standards provided. Usage of weak keys may compromise the secrets that are encrypted.
1. Check for the key size (example: whether the key size is 64bit/128bit etc.,)
Sample Code Snippet:
DESCryptoServiceProvider key = new DESCryptoServiceProvider(); // default key size uses 64 bit
// Encrypt a string to a byte array.
byte[] buffer = Encrypt("This is some plaintext!", key);
// Decrypt the byte array back to a string.
string plaintext = Decrypt(buffer, key);
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
Use cryptographically generated random keys
Use RNGCryptoServiceProvider class to generate random keys.
byte[] key = new byte[128];
RandomNumberGenerator.Create().GetBytes(key); // The array is now filled with cryptographically strong random bytes
etc.,
true
0
1c7e48d4-2b9c-4d7e-afb5-b0d7de374a1a
Use large keys (e.g., 128-bit symmetric or 1024-bit asymmetric keys)
In cryptography, size does matter. The larger the key, the harder it is to crack a block of encrypted data. So it is important to use large keys for encryption.
Using Symmetric algorithm like 3DES:
TripleDESCryptoServiceProvider key = new TripleDESCryptoServiceProvider();
// Encrypt a string to a byte array.
byte[] buffer = Encrypt("This is some plaintext!", key); // default key size is 192
// Decrypt the byte array back to a string.
string plaintext = Decrypt(buffer, key);
Using Asymmetric algorithm like RSA:
byte[] key= new byte[1024]
RandomNumberGenerator.Create().GetBytes(key);
//Create a new instance of RSACryptoServiceProvider.
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
//Create a new instance of RSAParameters.
RSAParameters RSAKeyInfo = new RSAParameters();
RSAKeyInfo.Modulus = key;
…
false
0
5d8fcbf7-f01e-4ba3-9277-e8b4e7c29990
Secret key stored insecurely
The secret key must be stored securely other wise any unauthorized user/attacker can steal and get the information.
1. Check for clear text cryptographic secrets in config files, connection string, code etc.,
2. Check for Access controls on the location where the secret key files are stored (ex: file shares, registry, database etc.,)
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
Utilize platform supplied feature to store secret key (e.g., DPAPI)
Use Platform supported features for encryption/decryption. In windows 2000, DPAPI is a very simple API consisting of only a pair of function calls that provide OS-level data protection services to user and system processes. Since the data protection is part of the OS, every application can secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI. These calls are two simple functions with various options to modify DPAPI behavior. Overall, DPAPI is a very easy-to-use service that will benefit developers that must provide protection for sensitive application data, such as passwords and cryptographic keys.
DPAPI provides two functions CryptProtectData () and CryptUnprotectData () for encryption and decryption respectively.
Use CryptProtectData AND CryptUnProtectData
System.Security.ProtectedData namespace of .NET 2.0
Code Snippet:
private static byte[] Decrypt(byte[] ciphertext)
{ byte[] applicationEntropy = Encoding.ASCII.GetBytes("AcmeWidgets");
return ProtectedData.Unprotect(ciphertext, applicationEntropy, DataProtectionScope.LocalMachine);
}
For More Information:
1. <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/1windataprotection-dpapi.asp>
2. <http://support.microsoft.com/default.aspx?scid=329290>
true
0
1ad4a4db-d7a9-4d0d-92d0-c707be87acd7
Follow principle of least privilege to provide limited access to the secret key
Allow access to the secret key file on the Need to Know basis to the users. The principle of least privilege requires that each subject be granted the most restrictive set of privileges needed for the specific task.
Identify the location of the secret key and restrict the access to the authorized users.
For example if the secret key is stored in a file the below procedure can be implemented.
1. Select the file
2. Right-click the file, click Properties, and then click the Security tab.
3. Click Advanced, and then do one of the following:
Permission to set Action item
Set special permissions for an additional group or user · Click Add. · In Name, type the name of the user or group, and then click OK.
View or change special permissions for an existing group or user Click the name of the group or user and then click Edit.
4. In the Permissions box, select or clear the appropriate Allow or Deny check box.
5. In Apply onto, select the file you would like these permissions to be applied to.
6. To configure security so that the subfolders and files will not inherit these permissions, clear the Apply these permissions to objects and/or containers within this container only check box.
7. Click OK and then, in Advanced Security Settings for FileName, click OK.
false
0
1fbd0b28-d475-4af5-b84b-8a0ecee93c2a
Maintain key outside of the application domain (e.g., for a web server, keep the key outside of the
Always keep the key outside of the application boundaries. (Ex: do not keep in web root, application directories etc.,)
1. Store the key in the source control management like source depot, visual source safe etc. with proper ACL’s.
false
0
f7c456bd-6b10-4e1b-825b-e31600310397
Secret key transmitted insecurely
The secret key will be compromised if it is transmitted over an unsecured communication channel. So the communication channel should be encrypted.
1. Identify the secret key transmission over protocols like http, ftp, soap etc.,
02cc4a13-55f6-4baa-9b25-51411b1a58cc
Utilize SSL or IPSec w/ Encryption to establish a secure communication channel
Use SSL to secure the communication channel. All traffic passed between the client and the application server should be secured. SSL is a protocol for secure network communications using a combination of public and secret key cryptography. Primarily it is used to encrypt Web communications.
1. <http://support.microsoft.com/kb/299875/en-us>
true
0
c8887f4c-a1c1-4432-bde0-f76804c28cf9
Hide the underlying character pattern of the plain text
In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher executed in the different streaming modes of operation to produce a unique stream independent from other streams produced by the same encryption key, without having to go through a (usually lengthy) re-keying process. The size of IV depends on the encryption algorithm and on the cryptographic protocol in use and is normally as large as the block or as large as the encryption key. The IV must be known to the recipient of the encrypted information to be able to decrypt it.
Using .NET System.Security.Cryptography classes we can use unique random IV to hide the underlying character pattern of the plain text.
Code Snippet:
Private static void Encryption(String inName, String outName, byte[] desKey, byte[] desIV)
{
FileStream fout = new FileStream(outName, FileMode.OpenOrCreate, FileAccess.Write);
fout.SetLength(0);
byte[] desIV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
.....
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
CryptoStream encStream = new CryptoStream(fout, tdes.CreateEncryptor(desKey, desIV), CryptoStreamMode.Write);
Console.WriteLine("Encrypting..."); …
}
For more Information:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpguide/html/cpcondecryptingdata.asp>
false
0
f83eff61-a123-49c9-b82a-2b03b38794a8
If using a cryptographic hash algorithm, salt the hash value with a unique random bit stream
Due to the nature of hashing algorithms, they produce similar hash values when more than one input stream is of the same value. Hence, by looking at the hash outputs, it can be determined that the corresponding inputs are the same. In order to avoid this problem, it is always important to salt the hash value with a unique random number for every operation so that the hash output for similar inputs will vary with the transaction.
C# code:
string plainText = "Hello, World!"; // original plaintext
string passPhrase = "Pas5pr@se"; // can be any string
string saltValue = "s@1tValue"; // can be any string
string hashAlgorithm = "SHA1"; // can be "MD5"
int passwordIterations = 2; // can be any number
string initVector = "@1B2c3D4e5F6g7H8"; // must be 16 bytes
int keySize = 256; // can be 192 or 128
PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase,
saltValueBytes,
hashAlgorithm,
passwordIterations);
string cipherText = RijndaelSimple.Encrypt(plainText, passPhrase, saltValue,
hashAlgorithm, passwordIterations, initVector, keySize);
etc.,
false
0
2bba0a9a-2059-4cb3-b955-daade7c08aa0
42558865-4554-4199-b1f6-b8f549ececd9
Denial of Service
A Denial of Service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. Typically, the loss of service is disruption of services like e-mail, directory services etc. In the worst cases, for example, a Web site accessed by millions of people can occasionally be forced to temporarily cease operation. A denial of service attack can also destroy assets in a computer system. Although usually intentional and malicious, a denial of service attack can sometimes happen accidentally. A denial of service attack is a type of information theft which will cost organization’s time & money.
More information: <http://en.wikipedia.org/wiki/Denial_of_service>
The most common way to detect the potential of a Denial of Service attack:
1. Identify entry points that accept user input (such as file upload, accepting user comments etc).
2. Insert huge/unexpected input as an input and submit the request.
3. Repeat step 3 until resources (memory, CPU Utilization) get exhausted.
4. Identify whether application behaved in an unexpected way.
5. Also identify whether an exception/error message was generated relating to request (e.g., Page cannot be displayed).
Please note that the exception may be logged therefore simply checking the UI for an error message will no be sufficient.
7c5322a5-f269-4425-a094-a36731a3dc17
Lacking or ineffective performance considerations
The application or component builds strings by concatenating at runtime. For example
The following C# code snippet concatenates strings at runtime.
string sentence = "I really like riding roller coasters because they're super fun and have ups and downs, just like life!";
string[] words = sentence.Split(new char[] { ' ' });
string result = "";
for (int i = 0; i < 1000; i++)
{
foreach (string word in words)
{
result = result + word + " "; //Concatenation
}
}
1. Identify code in the application/component instances of string concatenation.
9a998c11-2e57-4615-a4e3-42e8272dba9d
Performance should be considered a requirement especially for areas of the application where availab
use StringBuilder over straight string concatenation in order to avoid performance bottlenecks.
StringBuilder can be implemented in the following way. For example,
StringBuilder builder = new StringBuilder();
for (int i = 0; i < 1000; i++)
{
foreach (string word in words)
{
builder.Append(word);
builder.Append(" ");
}
}
result = builder.ToString();
true
0
8f224cb0-1ebb-4d99-8ecf-edbc1e2b1d60
Accepting arbitrary sized requests
User supplied values (like file upload, comments) are not validated on the server-side or the validation is inappropriate.
1. Identify components that take user input (like files, comments). Example:
File.SaveAs(sFolderName & "\" & sUserSuppliedFileName)
String sComments = Request.Form(“Comments”);
2. Identify user input that is only being validated on the client side (for example, using JavaScript).
3. Identify user input that is being validated against an exclusion list of unacceptable characters.
98f55fcb-a5f0-45d1-a7c0-fc6dfe946293
An upper limit on the size of a request should be enforced (e.g., 1 meg HTTP request)
For each input, define the acceptable size of request, and enforce validation on the server side.
File upload check can be implemented in the following way. For example:
string userFileName = Path.GetFileName(File.PostedFile.FileName);
if (File.PostedFile.ContentLength < 1024) //1MB File check
{
try
{
File.PostedFile.SaveAs(userFileName);
}
}
User supplied comments can be checked in the following way.
If(Request.Form(“Comments”).Length < 100) // check 100 characters
{
// do process comments
}
In ASP.NET, make use of maxRequestSize attribute to specify maximum file upload size.
<httpRuntime maxRequestLength="1024"/> //size in kbytes
false
0
805ad72e-af6f-4ada-a825-070afb48fd74
Building potential wildcard dynamic data queries using untrusted input (LDAP, SQL)
In SQL, the LIKE keyword searches for character string, date, or time values that match a specified pattern. The LIKE keyword uses a regular expression to contain the pattern that the values are matched against. The pattern contains the character string to search for, which can contain any combination of the following four wildcards.
Wildcard Meaning
% Any string of zero or more characters.
_ Any single character.
[ ] Any single character within the specified range (for example, [a-f]) or set (for example, [abcdef]).
[^] Any single character not within the specified range (for example, [^a - f]) or set (for example, [^abcdef]).
The application constructs a SQL & LDAP statements containing wild card search at runtime. Example are given below:
strSQL = “SELECT * FROM TABLE1 WHERE COL1 LIKE ‘“ + Request.QueryString(“userInput”) + “’”
strLDAPStmt = “(some attribute=Request.QueryString(“userinput”))” //query becomes ‘(some attribute=user input)(|(cn=*))’
1. Identify user input that is being used to construct dynamic SQL statements without being validated. Example:
strSQL = “SELECT * FROM TABLE1 WHERE COL1= ‘“ + Request.QueryString(“userInput”) + “’”
2. Identify user input that is only being validated on the client side (for example, using JavaScript).
3. Identify user input that is being validated against an inclusion list of unacceptable characters.
c37679fc-713b-42b0-9156-6a43e4461f93
Wildcard queries should be avoided - if they are necessary, consider using predefined views to speed
Don’t use wildcard queries. Use views instead of wildcard queries. Views can serve as security mechanisms by restricting the data available to users. Some data can be accessible to users for query and modification, while the rest of the table or database is invisible and inaccessible. Permission to access the subset of data in a view must be granted, denied, or revoked, regardless of the set of permissions in force on the underlying table(s).
This can be implemented by one or more means. For example:
Views can be created by defining the SELECT statement that retrieves the data to be presented by the view. The data tables referenced by the SELECT statement are known as the base tables for the view. In this example, titleview in the pubs database is a view that selects data from three base tables to present a virtual table of commonly needed data:
CREATE VIEW titleview
AS
SELECT title, au_ord, au_lname, price, ytd_sales, pub_id
FROM authors AS a
JOIN titleauthor AS ta ON (a.au_id = ta.au_id)
JOIN titles AS t ON (t.title_id = ta.title_id)
false
0
513d9591-c785-4dde-a1f0-3ff1190677e3
Inappropriately utilizing of shared resources
Use of computer and/or network facilities in ways that impede the computing activities of others should be properly managed. These activities include randomly initiating interactive electronic communications or e-mail exchanges, overuse of interactive network utilities, overuse of network accessible bulletin boards or conferences, and the "off topic" posting of material to bulletin boards and conferences
Poor/ inappropriate access control mechanism on shared resources.
747fef16-840b-44ed-a524-53fd6ad2ea19
Use of shared resources (e.g., shared files) should be considered at design time
At the design time, access control to the shared resources/assets should be given on a need to know basis. Each resource/asset should be mapped to predefined trust levels, who actually require permissions.
If shared resource is a Network file or folder, set permissions as given below:
1. Right-click the shared file or folder, click Properties, and then click the Security tab.
2. Do one of the following:
a) To set permissions for a group or user that does not appear in the Group or user names box, click Add. Type the name of the group or user you want to set permissions for and then click OK.
b) To change or remove permissions from an existing group or user, click the name of the group or user.
3. Do one of the following:
a) To allow or deny a permission, in the Permissions for User or Group box, select the Allow or Deny check box.
b) To remove the group or user from the Group or user names box, click Remove.
false
0
0ea0c00a-9790-43aa-aa78-2ccb71ba4f1e
In case of failure, application does not fail securely/intelligently
If application fails with an unrecoverable exception condition, make sure that it fails securely and does not leave the system wide open. Ensure that the exception details are not propagated to user. Instead return generic error messages to user. Plan to handle errors using structured exception handling, rather than relying on method error codes.
1 Identify entry points that take user input in textboxes, query string values.
2 Insert unexpected values as an input and submit the request.
3 Identify whether an exception/error message was generated relating to action (e.g., Page cannot be displayed).
Please note that the exception may be logged therefore simply checking the UI for an error message will not be sufficient. Check the logs as well.
a2de5053-07e7-4b84-9e1a-1362359b78fe
Implement appropriate exception handling
The try...catch…finally statement provides a way to handle some or all of the possible errors that may occur in a given block of code. Handle errors that occur in the program, and provide generic error messages to user.
The tryStatements contain code where an error can occur, while catchStatements contain the code to handle any error that does occur. If an error occurs in the tryStatements, program control is passed to catchStatements for processing. The initial value of exception is the value of the error that occurred in tryStatements. If no error occurs, catchStatements are never executed.
This can be implemented in the following way. For example:
try
{
tryStatements
}
catch(exception ex)
{
catchStatements
}
finally
{
finallyStatements
}
true
0
25a677b7-0e9a-48d7-a81a-ac883c14ee62
Don't display detailed error messages to users
All error messages should be trapped and a generic error message should be sent to the application client.
This can be implemented by one or more means.
For example, one can Return Generic Error Pages to the Client in the event of an unhandled exception, (i.e., the exception that propagates to the application boundary), return a generic error page to the user. To do this, configure the <customErrors> element as follows:
<customErrors mode="On" defaultRedirect="YourErrorPage.htm" />
The error page should include a suitably generic error message, possibly with additional support details. The name of the page that generated the error is passed to the error page through the aspxerrorpath query parameter.
You can also use multiple error pages for different types of errors. For example:
<customErrors mode="On" defaultRedirect="YourErrorPage.htm">
<error statusCode="404" redirect="YourNotFoundPage.htm"/>
<error statusCode="500" redirect="YourInternalErrorPage.htm"/>
</customErrors>
For individual pages you can supply an error page using the following page-level attribute:
<% @ Page ErrorPage="YourErrorPage" %>
true
0
8b44934f-9fd1-4137-91b5-8e998ebc508e
a0524d75-d2dd-4bb4-85f7-e5c8a40b9986
Forceful Browsing
With the forceful browsing attack, the attacker gains access to a restricted page within a Web application by supplying a URL directly (forcing the URL) instead of accessing it by following links from other pages in the application. The intended workflow to get to the restricted page is through another page which authorizes the user to access the target page. This attack also allows attacker to gain access to resources to which no direct links exist.
More information:
<http://www.devsource.com/article2/0,1895,1837351,00.asp>
The most common way to detect the potential of a Forceful Browsing attack:
1. Identify Vulnerable Files, Hidden Un-Referenced Files, Back-Up Files / Temp Files etc.,
2. If user can be able to access the above files, then forceful browsing is achieved.
5b6cfca9-767e-45bb-8fbb-5f8cc5109b79
Poor authorization control
Poor authorization control will give unauthorized users access to resources violating the ACLs. Many web site administrators leave files on the web server such as sample files or default installation files. When the web content is published, these files remain accessible although they are un-referenced by any HTML in the web. Many examples are notoriously insecure, demonstrating things like uploading files from a web interface. If an attacker can guess the URL, then the attacker is able to access the resource. Back-up files are also dangerous as many developers embed things into development HTML that they later remove for production.
1. Check for improper access control mechanism. (File Shares, web pages etc.,)
2. Unauthorized user is able to access resources requiring authorization.
3. An authenticated user is able to access the privileged resources by simply tampering the fields in the URL
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
Every object needs to have an authorization control
Authorization should be resource centric. Every privileged resource should be checked for authorization before granting access.
1. Implement proper Access control mechanism on resources.
2. Remove unnecessary files, temp files, back up files etc.,
3. Ensure proper authorization checking in the application when user accesses admin pages, performs sensitive operations etc.
Code Snippet1:
If HttpContext.Current.User.IsAuthenticated Then
lblUserName.Text = HttpContext.Current.User.Identity.Name
If HttpContext.Current.User.IsInRole("Manager") Then
'enable manager-level features
End If
Else
'deny access
End If
4. Implement proper authorization for resources.
For example in the web.config filec configure the application to use Forms-based security. This is done by changing both the <authentication> and <authorization> elements in the file:
<authentication mode="Forms">
<forms name="login"
loginUrl="login.aspx" protection="All" timeout="60" />
</authentication>
<authorization>
<deny users="?" /> <!-- Block unauthorized users -->
</authorization>
Etc.,
5. Remove unnecessary code that contains Easter egg & trapdoors.
For More Information:
For Authentication & Authorization
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnadvnet/html/vbnet10282003.asp>
For Authorization Manager (AzMan)
<http://msdn.microsoft.com/msdnmag/issues/03/11/AuthorizationManager/>
For Role provider information
<http://msdn2.microsoft.com/8fw7xh74.aspx>
true
0
404b751c-da61-428e-97f7-bcb279126328
05090938-4d8c-416e-b9fb-0adc0757df64
Format String
A common function used to output data are the printf family of functions. When a programmer calls these functions with user input without explicitly specifying a format string several threats are created. By manipulating input to these functions, attackers can read and write to generally arbitrary regions of memory and create several unfavorable application conditions such as arbitrary code exection.
The most common way to detect the potential of a format string attack:
1. Identify code instances were the printf classes of functions are called without providing explicit format strings.
c287f10b-2e2d-4834-b286-d99154feac58
Use of an unmanaged language or native code
The application or component uses an unmanaged language, native code or some language that is not deemed “memory safe” for implementation.
Common languages susceptible to format string attacks include:
1. C
2. C++
1e73be39-d353-4b1e-aac8-d076c9493f57
Use a managed language
Managed languages such as C# and Java are generally not susceptible to format string attacks and should be used whenever possible.
Note: Managed code makes format string attacks extremely difficult to encounter however not impossible. For instance, managed code can call into unmanaged code and a format string attack can occur there.
1. Port component to use managed language or a memory-safe language such as C# or Java.
true
0
3cb25340-48d7-426e-919e-e987aad8b780
Use of printf classes of functions without specifying explicit format string
When user input is blindly used as an input parameter with a printf class of function without specifying a format string an attacker can potentially perform malicious activities such as read and write to arbitrary memory.
Code Review
Manually inspect source code for instances were the component is calling a printf class function.
Example 1:
1 void SayHello(char * Name)
2 {
3 printf(Name);
4 }
On line 3, note how printf is called without specifying an explicit format string. An attacker could provide inputs such as “%x%x%n” to exploit this coding pattern.
Automated Code Scanning Tools
Source code and binaries should be scanned with source code analysis and binary analysis tools respectively to detect common format string attacks.
5bf711be-d9fd-457a-8170-8f01ae091fdf
Perform input validation in code
For each instance where user input is used with a printf class of function, explicitly specify a format string.
Using the example from before, code should be fixed to ensure that explicit format strings are specified.
Example 1:
1 void SayHello(char * Name)
2 {
3 printf(“%s”,Name); /* Explicit format string %s provided */
4 }
false
0
7591314b-d3f0-48d7-aec4-cb7b63e51fff
b046b52f-ee02-4007-b980-ad53a043214f
HTTP Replay Attack
Attacker Replays old HTTP requests to the web server by monitoring the HTTP packets from USER-Server traffic. The web server will not be able to differentiate the request sent by an attacker. With HTTP Replay attack, the attacker captures the user's authentication cookie using monitoring software and replays it to the application to gain access under a false identity.
More information:
<http://www.softwaresecuritywiki.com/index.php?title=HTTP_Replay_Attack>
For Cookie replay attacks
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh02.asp>
The most common way to detect the potential of a HTTP Replay attack:
1. User access valid site (ex: www.abcbank.com)
2. User submits a request. (ex: for money transfer)
3. Attacker tries to capture the HTTP packet using any sniffing tool. (ex. Netmon)
4. Attacker replays the packet and tries to access the actual site through this information.
5. If actual site consumes the request & process it then it is prone to HTTP replay attacks.
ad88e435-7efc-49d1-bdc1-184bcb690f2e
Ineffective or lacking verification of uniqueness of a request
The inability to differentiate between an authentic request and a fake request will allow an attacker to perform a replay of a request and hence perform unauthorized actions. When an application does not store state to uniquely identify each user it is vulnerable to HTTP attack.
1. Check for couple of requests for the same/different user.
2. Check for uniqueness of request in application parameters like cookie, viewstate and also through timestamp, digital signature etc.
8dfd62db-cd93-4e0e-8727-0b86df344778
Provide a secure end-to-end communication channel between server and client (e.g., SSL)
All traffic passed between the client and the application server should be secured. SSL is a protocol for secure network communications using a combination of public and secret key cryptography. Primarily it is used to encrypt Web communications.
1. For implementation of SSL in IIS, refer <http://support.microsoft.com/kb/299875/en-us>
true
0
8ffda936-a069-4209-bfd7-dd5c3374d33e
Associate state with requests & users
Since HTTP is a stateless protocol each request is independent of the previous one and this allows an attacker to interlace his request with a client request. In order to ensure that each subsequent request originated from the client some common identifying across each request needs to be maintained. This can be done using language supported features.
Data sent by the user must be validated on the server for each request.
Authenticate each request by adding unique session identifier to HTTP Request.
Example : ViewStateUserKey
If you authenticate your callers and use ViewState, set the Page.ViewStateUserKey property in the Page_Init event handler to prevent one-click attacks.
Protect against spoofed post backs.
void Page_Init (Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
ViewStateUserKey = User.Identity.Name;
// ViewStateUserKey = Session.SessionID;
}
For more information:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh10.asp>
false
0
548fa953-ef4f-4153-9ade-2605b11b7a3a
57a2b4e0-feb0-416f-bcbb-3730a200af43
Integer Overflow/Underflow
Integer <http://en.wikipedia.org/wiki/Integer_%28computer_science%29> arithmetics are frequently used in computer programs on all types of systems.
The register width <http://en.wikipedia.org/wiki/Register_width> of the processor determines the native type of integer and the range of operand values. Typical binary <http://en.wikipedia.org/wiki/Binary_numeral_system> sizes for integers include 8 bits, 16 bits, 32 bits (the most common width as of 2005), 64 bits, and 128 bits. Since a math operation may give a result larger than the available register width, an error condition may result.
On systems where the result of an arithmetic operation is simply stored, and no error is returned (this is the general case), it may not be possible for the software to determine that the value stored is erroneous. If an integer value is used to specify the location of other code or variable values in memory, the resulting pointer <http://en.wikipedia.org/wiki/Pointer> error may be exploited to create a buffer overflow condition or to write and execute arbitrary (and possibly harmful) code to the resulting (and unexpected) position.
Scan code performing arithmetic operations.
7039cb69-1163-4950-bd33-f2935d532fb7
Integer assignment or integer operations being carried out without validating the untrusted input
1. if (A + B > MAX) return -1;
03a2bc2f-e785-41ef-9f49-9cf961a8245d
Use Language features
Utilize platform checks for integer overflow/underflow.
The .NET environment makes several properties and compiler switches available to you which will improve the security of your Web service or application. These include:
1. C#: CheckForOverflowUnderflow (should be true)
2. VB.NET: RemoveIntegerChecks (should be false)
3. C++.NET: /GS should be included as a compiler flag which currently protects against overflows via the attack vector of the return address and frame pointer.
true
0
9744a151-460a-4f42-80aa-1bf00e8455d2
Validate user input
Using even safe string handling functions (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/strsafe.asp) can lead to overflow/underflows if you calculate the buffer size incorrectly. Validate the untrusted input for upper and lower limits.
1. Compile C and C++ code with the highest possible warning level, /W4.
2. Use size_t or DWORD for buffer sizes and element counts. There is no reason to use a signed value for such constructs.
3. Keep in mind that a size_t is a different type depending on the platform you use. A size_t is the size of a memory address, so it is a 32-bit value on a 32-bit platform, but a 64-bit value on a 64-bit platform.
4. If your code performs any kind of integer manipulation (addition, multiplication, and so on) where the result is used to index into an array or calculate a buffer size, make sure the operands fall into a small and well-understood range.
5. Be wary of signed arguments to memory allocation functions (new, malloc, GlobalAlloc, and so on) because they are treated as unsigned integers.
6. Watch out for operations that yield C4018, C4389, and C4244 warnings.
7. Watch out for casts that cast away the C4018, C4389, and C4244 warnings.
8. Investigate all use of #pragma warning(disable, Cnnnn) that disable the C4018, C4389, and C4244 warnings. In fact, comment them out, re-compile, and check all new integer-related warnings.
9. Code migrated from other platforms or compilers may make different assumptions about data sizes. Watch out!
10. If calling unmanaged code from managed code, make sure you confirm that it is signed correctly. Many arguments to Win32 APIs are unsigned ints or DWORDs, and many managed code variables are signed.
11. Finally, if you are using managed code, make sure you catch OverflowExceptions, if appropriate.
false
0
7591314b-d3f0-48d7-aec4-cb7b63e51fff
c652fad5-5c06-40c9-8f71-074ea889a421
6b81ecc2-ca5a-42c8-80b6-b48ed1178124
LDAP Injection
The Lightweight Directory Access Protocol (LDAP) API provides a mechanism for connecting to, searching, and modifying internet directories. A LDAP (Lightweight Directory Access Protocol) injection attack exploits vulnerabilities in input validation to run arbitrary LDAP statements against information directories. It can occur when your application uses input to construct dynamic LDAP statements to access directory services. Using the LDAP injection attack, the attacker can execute arbitrary statements against the directory services.
More information: <http://www.spidynamics.com/assets/documents/LDAPinjection.pdf>
The most common way to detect the potential of a LDAP Injection attack:
1. Identify entry points that collect user input such as text boxes, query string parameters, etc.
2. Insert any character (‘(‘, ‘|’, ‘&’) as an input and submit the request.
3. Identify whether an exception/error message was generated relating to LDAP (e.g., Page cannot be displayed).
Please note that the exception may be logged therefore simply checking the UI for an error message will no be sufficient.
56e02953-06bd-4fcc-97bc-2f264cfdcfb4
Dynamic LDAP queries using untrusted input
The application or component constructs a LDAP statement at runtime. The filter part is a bit more complicated and provides the mechanism for LDAP injections. User input is not validated on the server-side or the validation is inappropriate. Input validation can follow the principle of exclusions or the principle of inclusions. The principle of exclusions defines an exclusion list of characters that are unacceptable whereas under the principle of inclusions one defines an inclusion list of acceptable characters.
As example:
strLDAPStmt = “(some attribute=Request.QueryString(“userinput”))” //query becomes ‘(some attribute=user input)(|(cn=*))’
1. Identify code in the application/component which constructs LDAP statements dynamically.
2. Identify user input that is being used to construct dynamic LDAP statements without being validated. Example:
strLDAPStmt = “(some attribute=Request.QueryString(“userinput”))”
3. Identify user input that is only being validated on the client side (for example, using JavaScript).
4. Identify user input that is being validated against an inclusion list of unacceptable characters.
42319d22-558e-47cf-81fc-5129509143d9
Untrusted input should be validated against an inclusion list
For each input, define what is acceptable though either a regular expression, a list of acceptable characters, domain constrains or type casting and enforce this validation on the server side.
This can be implemented by one or more means. For example, one can:
1. Build a regular expression that defines an inclusions list of acceptable character sequences. For example:
if (Regex.IsMatch(Request.Form["ZIP"], "^\d{5}-\d{4}$"))
{
// validation passed
}
else
{
// validation failed
}
2. If the input is of a primitive type, one can cast it. For example:
int x = Int.Parse(Request.Form(“param”))
3. If the input can only be from a small (but varying) domain, one can define conditional statements to validate them. For example:
if ( (Request.Form(“favColor”) == “RED”) || (Request.Form(“favColor”) == “ORANGE”) )
{
// validation passed
}
else
{
// validation failed
}
true
0
09ef2c16-83bb-4905-9430-2e3bc622f9ff
9ab2b6fb-6464-4f6b-929f-ccdc68bf7b39
Man in the Middle Attack
A man in the middle attack occurs when the attacker intercepts messages sent between the sender and receiver. The attacker then changes message and sends it to the original recipient.
The receiver has no way to identify if the message is from the actual sender.
Here the attacker is spoofing the identity of both sender and receiver.
More information: <http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecapd.mspx>
Any network request involving client-server communication is subject to man in the middle attacks. These include
· Web requests
· Distributed Component Object Model (DCOM) requests
· Calls to remote components
Web services
2a5b686b-82a5-4699-b51a-e17a5a6d5db3
Insecure Communication Channel
Data is transmitted in clear text if the communication from client to server is through insecure protocols such as http. Hence secure the communication using secure protocols such as https.
Check if the application is using any insecure protocol like http, ftp etc.
38a286dd-56d8-44bc-80e2-7c909037eeb2
Utilize SSL or IPSec w/ Encryption to establish a secure communication channel
Use SSL to secure the communication channel. All traffic passed between the client and the application server should be secured. SSL is a protocol for secure network communications using a combination of public and secret key cryptography. Primarily it is used to encrypt Web communications.
<http://support.microsoft.com/kb/299875/en-us>
true
0
d87670de-c190-4fd3-8ea4-1597974ac92c
Lacking or inappropriate mutual authentication
Mutual Authentication is a security feature in which a client must prove its identity to a server, and the server must prove its identity to the client, before any application traffic is sent over the network. Lacking or inappropriate mutual authentication makes the application prone to the Man-in-the-Middle attack.
Check if application is not using the client authentication feature in SSL (Server authentication is default in SSL), and HMACs.
abec5995-6474-4f06-aa30-abe334ce9691
Utilize a well-known authentication protocol to authenticate the server
Application should implement mutual authentication using Kerberos to authenticate both client and server.
For further information, refer the following link <http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbd_int_nzfa.asp>
1. Mutual Authentication Using Kerberos
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/mutual_authentication_in_a_windows_sockets_service_with_an_scp.asp>
2. Mutual Authentication in a Windows Sockets Service with an SCP
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/mutual_authentication_in_a_windows_sockets_service_with_an_scp.asp>
3. Mutual Authentication using SSL
<http://support.microsoft.com/kb/299875/en-us#XSLTH3135121122120121120120>
true
0
8b44934f-9fd1-4137-91b5-8e998ebc508e
95d78715-0c58-4271-a5c0-21befce6c914
Network Eavesdropping
Network Eavesdropping is the act of monitoring network traffic for data, such as clear-text passwords or configuration information. With a simple packet sniffer, all plaintext traffic can be read easily. Also, lightweight hashing algorithms can be cracked and the payload that was thought to be safe can be deciphered.
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh15.asp>
The most common way to detect the potential of a Network Eavesdropping attack:
1. Install any sniffing tool (e.g. Network Monitor, packetyzer, etc…) and observe the communication channel between the source and destination server. Check whether packets captured in the sniffing tools shows sensitive or high business impact data (like password, connection strings, bank a/c numbers & cc number etc.) in clear text.
Below diagram shows packets captured in HTTP communication between client and server.
Note: Sensitive data sent in clear text is shown in the red color
31 6B 32 38 39 50 35 77 77 41 4D 3D 22 20 2F 3E 1k289P5wwAM=" />
04E0: 0D 0A 0D 0A 09 09 09 3C 69 6E 70 75 74 20 6E 61 .......<input na
04F0: 6D 65 3D 22 54 65 78 74 42 6F 78 31 22 20 74 79 me="TextBox1" ty
0500: 70 65 3D 22 74 65 78 74 22 20 76 61 6C 75 65 3D pe="text" value=
0510: 22 63 72 65 64 69 74 20 63 61 72 64 20 6E 6F 3A "credit card no:
0520: 20 34 34 33 33 20 34 34 35 36 20 34 32 33 33 20 4433 4456 4233
0530: 32 33 34 35 22 20 69 64 3D 22 54 65 78 74 42 6F 2345" id="TextBo
0540: 78 31 22 20 73 74 79 6C 65 3D 22 5A 2D 49 4E 44 x1" style="Z-IND
0550: 45 58 3A 20 31 30 31 3B 20 4C 45 46 54 3A 20 35 EX: 101; LEFT: 5
0560: 39 32 70 78 3B 20 50 4F 53 49 54 49 4F 4E 3A 20 92px; POSITION:
0570: 61 62 73 6F 6C 75 74 65 3B 20 54 4F 50 3A 20 31 absolute; TOP: 1
0580: 35 32 70 78 22 20 2F 3E 0D 0A 09 09 09 3C 69 6E 52px" />.....<in
0590: 70 75 74 20 74 79 70 65 3D 22 73 75 62 6D 69 74 put type="submit
05A0: 22 20 6E 61 6D 65 3D 22 42 75 74 74 6F 6E 31 22 " name="Button1"
a113e751-fcf2-417a-b8aa-1eede365161f
Communication channel is insecure (lacking confidentiality protection)
Channel communication is in clear text between client and server. As a result sensitive information or high business impact data (like password, connection strings, bank a/c numbers & cc number etc.) are transmitted in clear text.
1. Install any network monitoring tools (e.g. netmon, packetyzer, etc…)
2. Configure the tool to capture packets transmitted between client and server.
3. View the packet information shown by the tool & check whether the information is shown in clear text.
4. You can also recognize the channel by the type of protocol being used in the application. For example: FTP, HTTP, SNMP, TELNET, SMTP, POP3 are some examples of protocols which are inherently insecure and transmit data in clear text.
44d81f2a-1287-4cc3-84f9-082fc99a38a3
Utilize SSL or IPSEC w/ Encryption to establish a secure communication channel
SSL (Secure Socket Layer) provides encryption, authentication, and data integrity by using a public key infrastructure. When the SSL session is established, the server’s public key certificate is used to encrypt and exchange a shared secret between the client and server. This shared secret is then used to encrypt communications for the rest of the session. The following steps describe the process of establishing an SSL session:
1. The Web client requests the public key from the Web server.
2. The server sends the public key to the client.
3. The client sends the server a session key, encrypting it with the public key.
4. The server decrypts the session key received from the client by using the server’s private key.
HTTPS is the implementation of SSL over HTTP in web based applications.
Following packet capture shows encrypted information because of implementation of SSL over HTTP:-
0000 00 0c cf 6b 14 0a 00 11 43 a5 95 1b 08 00 45 00 ...k.... C.....E.
0010 01 10 62 57 40 00 80 32 b6 16 41 34 2a d4 9d 3c ..bW@..2 ..A4*..<
0020 d8 09 c7 fe 10 76 00 00 00 c2 04 63 00 50 62 bd .....v.. ...c.Pb.
0030 de f7 55 ed ed 63 50 18 fa c1 10 1d 00 00 16 03 ..U..cP. ........
0040 00 00 84 10 00 00 80 60 2f 84 ce 1e 24 62 6a d9 .......` /...$bj.
0050 50 3d 73 3a ec b3 d2 f3 d6 84 55 89 b7 9a 65 be P=s:.... ..U...e.
0060 98 4d b0 72 bb 91 33 22 aa 82 80 73 ed 06 8e c5 .M.r..3" ...s....
0070 b1 2f d0 4e 6e 88 84 de ca 29 e4 75 fc 1d ee ae ./.Nn... .).u....
0080 7c 34 40 86 1a ce 97 62 43 10 be 22 96 7a a1 79 |4@....b C..".z.y
Internet Protocol Security (IPSec) is a framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks, through the use of cryptographic security services. IPSec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.
For implementation of SSL & secure communication, refer the information provided in the following link: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT14.asp>
For implementation of IPSEC, refer the information provided in the following link. <http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx>
true
0
8b44934f-9fd1-4137-91b5-8e998ebc508e
d4d29c02-255b-41db-a4df-3a3985fa448a
One-Click Attack
One-click attack has been called by several names within the security community. It is can als be called -CSRF, Page bounce, and Session Riding attack. A one-click attack is, when a third-party attacker causes an action of their choice to be taken on a victim’s behalf at the vulnerable site. In a one-click attack, the attacker must entice the victim into clicking a link or viewing a web page that was generated by the attacker.
The attacker lures an unsuspecting user into browsing to the page, and then causes the page to be sent to the server where the view state is valid. The server has no way of knowing that the view state originated from the attacker.
Consider this example, where vulnerable.com authenticates the user and subsequently maintains state using session cookies. Vulnerable.com has an administration page, /admin/deluser.asp. This page expects a query with the ID number of the user to delete as a parameter to the query. The URL of such a request might look like this:
https://www.vulnerable.com/admin/deluser.asp?user=12345
To launch the attack, the attacker only has to entice the administrator into viewing a hostile web page while the victim’s session at vulnerable.com is still active.
The most common way to detect the potential of a one-click attack:
1. Identify the areas in the application which are performing critical operations (for ex. Deleting user, transferring funds etc.)
2. Verify if the application is re-authenticating the user at these points or not.
3. Verify if the application design checks whether these requests are being placed by the genuine users or not.
4. Create a duplicate pre-filled form and try to post it to same vulnerable site in the background to launch the attack.
233592a5-4075-48c9-ae81-cf3fb26b9046
Ineffective or lacking confirmation of user's actions
If any critical operation (e.g. deleting a user) is performed without or ineffective confirmation from user for that action then code is vulnerable to one click attack.
If ( Request.QueryString("user") <= MAX_USER )
{
DataAccess.DeleteUser( Request.QueryString("user") );
}
As the above code states that there is no re-authentication or confirmation for the action being performed and the user is deleted just on the value of “user” id received through query string.
1. Identify code in the application which is performing any critical operations (e.g. deleting a user, changing the account number, etc).
2. Check if the user is not re-authenticated before performing the operation or there is no user’s confirmation done for that action by the application.
da747ca3-3d6a-4ddc-99da-bde8b2298fed
Utilize human interactive proofs (HIPs) to confirm the action of an authenticated principle
Human interactive proofs (HIPs) are used to ensure that the process has not been scripted, in fact to prove human interaction with the system. If the process is not automated and possess a user’s interaction, it can mitigate the vulnerability.
1. HIPs can be implemented in ASP.NET code by using an abstract class “HipChallenge”. Thus, a page which implements it will have a HipValidator that coordinates the other controls and validates whether the user successfully solved the puzzle.
For example,
In this example, apart from user name and password the user must also enter text being displayed in the picture. It signifies that the process is not automated and actual user has performed the operation. Eventually, if the text entered by the user will match the text displayed in the picture, authentication process will complete.
More information on HIP: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspp/html/hip_aspnet.asp>
false
0
3c01a6ed-4997-48e8-b964-bb3245bad727
Make the request that encapsulates the users action unique for each authenticated user
Setting the ViewStateUserKey property can help to prevent one-click attacks on your application from malicious users. It does this by allowing you to assign an identifier to the view state variable for individual users so that they cannot use the variable to generate a one-click attack. You can set this property to any string value, such as the user's session ID or to the user's authenticated name.
If the application is not using ASP.NET, the following advice may prove helpful in developing countermeasures to this attack:
If your site places an un-guessable secret (such as the value of the session ID) in hidden form fields, and checks for it before servicing any request, then the attacker will be unable to create a form or querystring which your site will act upon.
1. If the application is ASP.NET, you can get the privilege of ViewStateUserKey by assigning a unique value to it.
void Page_Init (Object sender, EventArgs e)
{
if (User.Identity.IsAuthenticated)
ViewStateUserKey = User.Identity.Name;
}
2. For any code which has developed in ASP, you can generate a random number for each request and assign to a session variable as well as to a hidden variable of the form, which can be checked and validated before performing any critical operation.
true
0
548fa953-ef4f-4153-9ade-2605b11b7a3a
01e7e085-22c8-4c5b-a91a-41f6054d2cda
Password Brute Force
A Password Brute Force attack is an automated process of trial and error used to guess a user’s credentials until successfully found. Brute Force Attack is performed using an educated guess to attempt to narrow down the key value. For example, someone could begin guessing a password by using a person’s first and last names, then spouse’s name, then pet’s name, and continuing with other common strings for passwords.
More information: <http://www.owasp.org/columns/mburnett/brutegeneral.html>
The most common way to detect the potential of a Password Brute Force attack:
1. Identify an entry point that collects user credentials as input such as text boxes, query string parameters, etc.
2. Input guessed credentials; submit the request for n number of time until you succeed.[Note : this can also be automated via brute force tools]
1383e5e7-3516-4af4-8a87-21f66622f300
Ineffective or lacking password complexity check
Application or Component uses weak or easily guessable password (like accepting single character or single digit as a password, not checking for proper password length or complexity factor etc).
As Example
Password = “P”
1. Identify the application/component which interactively asks user credentials.
2. Try Create a user account with single alphabetic character(A to Z) or a weak password
Note: If you are able to create a weak password e.g a single digit password, it will only take 26 attempts from an attacker to brute force your password.
047465d2-46b6-4352-a85d-23d8c773c41c
Enforce password complexity requirement
All passwords strings must match the complexity requirements & must have the characteristics listed below.
Strong passwords must have the following characteristics:
· Be at least 15 alphanumeric characters long on accounts with administrator privileges and at least 8 alphanumeric characters long on all other passwords.
· Contain both upper and lower case characters (e.g., a-z, A-Z)
· Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./). One or more of the characters from the second (2) to sixth (6) positions must not be an alphabet character e.g. between A-Z or a-z.
· Are not words in any language, slang, dialect, jargon, acronym, etc..., known to the individual creating the password.
· Are not words that have the O’s changed to zeros and/or I’s to pipes.
· Are not based on personal information, names of family, etc.
false
0
14b9b63a-6c42-4ad6-b3cc-2a266ec7bf8c
Ineffective or lacking lockout policy
Account not locked after n number unsuccessful attempts.
1. Identify the application/component which interactively asks user credentials.
2. Enter wrong password for the user for n (=3) number of times.
3. Observe whether account locked or not.
6121662b-4f9d-4922-a921-256f48cd4868
Implement a lockout policy
Implement a lockout policy whereby n number of unsuccessful attempts disables the account. After n number of unsuccessful attempts account should be locked.
1. Create log for successful/unsuccessful logging attempts.
2. Check log for subsequent unsuccessful login attempts [e.g more than 3 times] & then lock that specific account.
true
0
57f1ccdf-d724-4c39-a521-3b6736e9f9d3
bfd6bd9e-a526-4d9d-9725-69f6b5a4b557
Repudiation Attack
Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing/Logging, repudiation attacks are difficult to prove. Repudiation attack allows an attacker to carry out a transaction and leave no evidence that the transaction was performed by the attacker.
For more information, refer <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vbcon/html/vbconOverviewOfWebApplicationSecurityThreats.asp>
1. Check if the application is configured with anonymous authentication.
2. Check if the application implements a poor authorization model.
3. Check if application lacks logging or maintains ineffective logging.
cd0a41ad-19a5-4bb4-b6dd-f91e5e382ee6
Anonymous access enabled
Anonymous authentication method requires no username/password to access the site. Anyone can just type in the URL and access the site. Basically with anonymous authentication, each transaction/operation performed by the user cannot be mapped to the user.
1. In case of ASP.NET, anonymous authentication can be configured both at application level and machine level by using the authentication configuration element as give below:
<authentication
mode = "[None]">
</authentication>
· On Application level, it is configured in the web.config file
· On Machine level, it is configured in the machine.config file.
2. In IIS also, we can see the anonymous access option.
Go to IISàdefault website propertiesàdirectory securityàedit
Anonymous access check box is there. (Refer the snapshot below)
56b9b256-4feb-465f-8b2a-c73fbf7881aa
Disable anonymous access and authenticate every principle
Disable anonymous authentication and implement authentication for every principle.
In ASP.NET, application should implement windows, forms or passport authentication which enables application to uniquely identify the user.
· In case of ASP.NET, instead of setting mode to none, select any one from Windows, forms and passport authentication both in machine.config and web.config file as give below:
<authentication
mode = "[Windows|Forms|Passport|]">
</authentication>
· Uncheck the anonymous access option on IIS.
false
0
6688150c-4a79-4580-9139-9db5eea5f350
Application using a role-based authorization model
In role-based authorization model, roles that are assigned to the user determine the tasks that a user can perform. If the application uses poor role based authorized model where the transaction/operation performed by the user cannot be uniquely identified, this can result in repudiation attack.
· Check the application design, code for the authorization model.
acd82cd5-535b-46f8-aa63-e8b4c3a1abab
More granular authorization model to produce precise logs at all tiers
Authorization model used by the application should be more granular.
Authorization model should be implemented in such a way so that each transaction/operation performed by the user can be logged.
Implement role based authorization model which is more granular in nature. Application should log each transaction/operation performed by to user.
false
0
2e29a481-74ff-4580-a564-8cda7041eb27
Application lacks logging or maintains ineffective logging
If Application doesn’t maintain logs, it is not possible to keep track of the transactions/operations performed by the user.
Also, if application maintains ineffective logs which do not include transaction/operation performed by user, user can repudiate that user has not performed the transaction/operation.
1. In Web or FTP site
On the Web Site or FTP Site property sheet, if the enable logging checkbox is not selected.(Refer the snapshot below)
2. In SQL Server,
Go to SQL Server Properties -> Security Tab -> Audit Level option, if none is selected
3. In Application,
Any critical operation performed by the user in the application is not logged in the application log file.
7939ea2c-0c26-4483-b238-1f44ea5b0684
Implement proper and effective logging
Application should implement proper and effective logging with all the relevant information getting logged in the application log files. Logs should help in identifying the following:
· Identity transaction/operation preformed by the user in addition to the user name
· Time
Note: No sensitive information should be stored in logs (e.g., SSN, CC's, passwords, etc.)
1. In Web or FTP site, see if enable logging checkbox is selected.
2. In SQL Server, check if audit level is not set to none.
3. In Application, logging should be done programmatically for any critical operation performed by the user.
true
0
548fa953-ef4f-4153-9ade-2605b11b7a3a
1273656a-d20c-42c8-982d-75f25c2b9fac
Response Splitting
HTTP Response Splitting techniques provide attackers with new attack vectors for defacing website content and end-users. User controllable input parameters placed into HTTP response headers in the absence of adequate data validation creates the potential for HTTP Response Splitting attacks. HTTP Response Splitting attacks allow for both local and remote cache poisoning which can result in arbitrary content being displayed to website visitors. This type of attack is possible when server script code embeds user data in HTTP response headers in the absence of any data validation.
More information: <http://www.watchfire.com/resources/HTTPResponseSplitting.pdf>
The most common way to detect the potential of a Response Splitting attack:
1. Identify all the points where user controlled data is placed in to HTTP Response headers.
2. Try to send this payload in the input which supposedly is being placed in the response header by the application.
a. http://www.poorsite.com/abc.asp?Queryparameter=charset=%0d%0aContent-Length:%200%0d%0a%0d%0aHTTP/1.1%20200%20OK%0d%0aContent-Type:%20text/html%0d%0aContent-Length:%2019%0d%0a%0d%0a<html>Hacked!</html>
b. If you get back page with Hacked! displayed, then application is vulnerable to response splitting attacks.
Note: Response Splitting vulnerability is not exploitable in .Net Framework 1.0 SP3, 1.1 SP1 & 2.0.
3f59f9ac-7d46-4568-ac37-006639556dd5
HTTP Response headers populated with un-trusted input
The essence of HTTP Response splitting is the attacker's ability to send a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response, in the normal case. The first response may be partially controlled by the attacker, but this is less important. What is material is that the attacker completely controls the form of the second response from the HTTP status line to the last byte of the HTTP response body. Once this is possible, the attacker realizes the attack by sending two requests through the target.
As example: The application uses a Response.Redirect statement having a user input.
Response.Redirect(Request.Form("User_Input"))
1. Identify code in the application which constructs Response.Redirect statements dynamically with user controlled data.
6fa96039-0174-4fd7-95a7-5b47514cae9f
Perform context-sensitive encoding
For each input used in HTTP headers, it must be properly encoded using an encoding mechanism e.g. AntiXSS (http://msdn2.microsoft.com/en-us/security/aa973814.aspx). At a minimum strip CR and LF characters from data embedded into HTTP response headers.
This can be implemented by using the AntiXSS.UrlEncode function available in the AntiXSS library.
true
0
4aec6e7d-0c13-4af7-ad43-8be1a06ceb5c
Un-trusted input should be validated against an inclusion list
For each input, define what is acceptable though either a regular expression, a list of acceptable characters, domain constrains or type casting and enforce this validation on the server side.
This can be implemented by one or more means. For example, one can:
1. Strip CR and LF characters from data embedded in to HTTP response headers. For Example :
Function StripCRLFChar(strSource)
strSource=Replace(strSource,vbcr,"")
strSource=Replace(strSource,vblf,"")
strSource=Replace(strSource,vbcrlf,"")
StripCRLFChar=strSource
End Function
2. Build a regular expression that defines an inclusions list of acceptable character sequences. For example:
if (Regex.IsMatch(Request.Form["ZIP"], "^\d{5}-\d{4}$"))
{
// validation passed
}
else
{
// validation failed
}
3. If the input is of a primitive type, one can cast it. For example:
int x = Int.Parse(Request.Form(“param”))
4. If the input can only be from a small (but varying) domain, one can define conditional statements to validate them. For example:
if ( (Request.Form(“favColor”) == “RED”) || (Request.Form(“favColor”) == “ORANGE”) )
{
// validation passed
}
else
{
// validation failed
}
5. If input is URL then AsUrl function can be used to verify the user supplied URLs. For example
ReturnURL = AsUrl(ReturnURL)
The functionality implemented in AsUrl is as follows:
public static string AsUrl( string strInput )
{
if (strInput == null)
{
return "";
}
// this pattern will represent well-constrained URLs
string AURegex = @"^(?:http|https|ftp)://[a-zA-Z0-9\.\-]+(?:\:\d{1,5})?(?:[A-Za-z0-9\.\;\:\@\&\=\+\$\,\?/]|%u[0-9A-Fa-f]{4}|%[0-9A-Fa-f]{2})*$";
if (! Regex.IsMatch( strInput, AURegex ) )
{
throw new Exception( "Unsanitized value passed to AsUrl" );
}
return( strInput );
}
false
0
548fa953-ef4f-4153-9ade-2605b11b7a3a
53b8593e-074f-4d5f-84bb-dc2d59523f50
Session Hijacking
Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. In session hijacking an attacker using a captured, brute forced or reverse-engineered session ID seizes control of a legitimate user's Web application session while that session is still in progress. The severity of the damage incurred depends on what's stored in the session state.
The most common ways to detect the Session Hijacking attack are:
1. The communication channel is over HTTP
2. Site Vulnerable to XSS attack
3. Session IDs in URL
4. No authorization check in code.
5. Use of persistent cookies.
ad8ab792-4cd3-436d-ae8e-e8759f4bc1e1
Poor or predictable session identifiers
Session ID guessing involves gathering / generating a bunch of session IDs and "guessing" a valid session ID assigned to someone else. ASP.NET apps tend to be much less susceptible to this form of session hijacking because ASP.NET uses highly random 120-bit numbers for its session IDs unless you replace ASP.NET session IDs with IDs of your own.
1. Usage of predictable Session IDs like sequential numbers, weak pattern values.
6d9f9db4-af9b-4f5a-beac-197925202f8e
Use strong random numbers for session IDs
It is important that the session ID be unpredictable and the application utilizes a strong method for generating random IDs. It is also important that the session IDs must be of a sufficient length to make it infeasible that a brute force method could be used to successfully derive a valid ID within a reasonable time.
In implementation of Session ID should, need to fulfill the following criteria:
* It must be random - i.e. it should pass statistical tests of randomness.
* It must be unpredictable - i.e. it must be infeasible to predict what the next random value will be, given complete knowledge of the computational algorithm or hardware generating the ID and all previous ID’s.
* It cannot be reliably reproduced - i.e. if the ID generator is used twice with exactly the same input criteria, the result will be an unrelated random ID.
* Length of the value should be reasonably long.
true
0
9d812f72-1ab2-4b8a-94b7-568793688f85
Long session timeouts
For secure applications all session information should be time limited and allow for client-side cancellation, Session Timeout and server-side revocation. Failure to provide these security features and if the session has not been cancelled, it is very easy for any user to capture the last connection and use that session.
Login to the application and leave the application idle for a longer duration like 30 minutes
Login to application and after successful login, close the browser session. Now try to re-open the application. In both the cases, ideally application should ask for re-login.
bb535271-28f0-4236-a73b-4cb443fe2fd0
smaller session timeout windows
The session time frame plays a vital role in reducing the number of session hijack attacks. In order to hijack a session, an attacker should find out a valid session identifier with all the available means and should be able to reuse that before that time window expires. By making the time frames small enough, we can clearly reduce the attack surface to a great extent.
To set the timeout value in IIS,
* Right click on the virtual folder and open the ‘Website Properties’ dialog box.
* On virtual directory tab, click the Configuration button.
* In ‘Application Configuration’ dialog box, open up the ‘options’ tab.
* Enter proper session time out value in ‘Sesson Timeout’ text box. Note that this time is in minutes.
To set the timeout value in Web.config file for ASP.NET applications:
* Set the value of ‘timeout’ attribute of <sessionState> element to proper value. Note that this time is in minutes.
false
0
548fa953-ef4f-4153-9ade-2605b11b7a3a
cfe62a60-dcc2-4d33-8d29-2eed8fef196e
SQL Injection
A SQL injection attack exploits vulnerabilities in input validation to run arbitrary commands in the database. It can occur when your application uses input to construct dynamic SQL statements to access the database. It can also occur if your code uses stored procedures that are passed strings that contain raw user input. Using the SQL injection attack, the attacker can execute arbitrary commands in the database. The issue is magnified if the application uses an over-privileged account to connect to the database. In this instance it is possible to use the database server to run operating system commands and potentially compromise other servers, in addition to being able to retrieve, manipulate, and destroy data.
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000002.asp>
The most common way to detect the potential of a SQL Injection attack:
1. Identify entry points that collect user input such as text boxes, query string parameters, etc.
2. Insert the single quote character (‘) as an input and submit the request.
3. Identify whether an exception/error message was generated relating to SQL (e.g., .NET Framework SQLException).
Please note that the exception may be logged therefore simply checking the UI for an error message will no be sufficient.
ac19be3d-d86c-4cf8-b2d7-4e67196ddf8c
Use of Dynamic SQL
The application or database server constructs a SQL statement at runtime. As example:
strSQL = “SELECT * FROM TABLE1 WHERE COL1= ‘“ + Request.QueryString(“userInput”) + “’”
1. Identify code in the application which constructs SQL statements dynamically.
2. Identify stored procedures which construct SQL statements dynamically.
e30b7fe3-cfce-4296-a80d-6531880b3d0a
Use parameterized SQL statement
Parameterized SQL statements will accept characters that have special meaning to SQL (like single quote) without problems because they are strongly typed.
1. All SQL statements should be hard-coded in the application.
2. SQL statement parameters should be passed strongly typed.
.NET Framework (C#) example:
using (SqlConnection connection = new SqlConnection(connectionString))
{
DataSet userDataset = new DataSet();
SqlDataAdapter myDataAdapter = new SqlDataAdapter("SELECT * FROM TABLE1 WHERE COL1 = @colValue", connection);
myCommand.SelectCommand.Parameters.Add("@colValue ", SqlDbType.VarChar, 11);
myCommand.SelectCommand.Parameters["@colValue "].Value = Request.QueryString(“userInput”);
myDataAdapter.Fill(userDataset);
}
3. Stored procedured should also be invoked using parameterized SQL statements.
.NET Framework (C#) example:
using (SqlConnection connection = new SqlConnection(connectionString))
{
DataSet userDataset = new DataSet();
SqlDataAdapter myCommand = new SqlDataAdapter("StoredProcedure", connection);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
myCommand.SelectCommand.Parameters.Add("@paramValue", SqlDbType.VarChar, 11);
myCommand.SelectCommand.Parameters["@paramValue"].Value = Request.QueryString(“userInput”);
myCommand.Fill(userDataset);
}
true
0
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
Use stored procedure with no dynamic SQL
Stored procedures written in the database server with RAW or parameterized SQL statements.
1. If no parameters are needed, write your stored procedure using RAW SQL. Example:
CREATE PROCEDURE StoredProcedure
AS
SELECT * FROM TABLE1
GO
2. If parameters are needed for the stored procedure, construct parameterized SQL. Example:
CREATE PROCEDURE dbo.RunQuery
@var varchar(10)
AS
DECLARE @SQLString NVARCHAR(500)
DECLARE @ParmDefinition NVARCHAR(500)
SET @SQLString = N'SELECT * FROM TABLE1 WHERE COL1 = @value'
SET @ParmDefinition = N'@value varchar(10)'
EXECUTE sp_executesql @SQLString, @ParmDefinition, @value = @var
GO
More information: <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sp_ea-ez_2h7w.asp>
true
0
c8e53ffd-4431-4a6d-a9a1-98e7f594fd4a
Ineffective or lacking input validation
User input is not validated on the server-side or the validation is inappropriate. Input validation can follow the principle of exclusions or the principle of inclusions. The principle of exclusions defines an exclusion list of characters that are unacceptable whereas under the principle of inclusions one defines an inclusion list of acceptable characters. The appropriate validation is done by following the principle of inclusions.
1. Identify user input that is being used to construct dynamic SQL statements without being validated. Example:
strSQL = “SELECT * FROM TABLE1 WHERE COL1= ‘“ + Request.QueryString(“userInput”) + “’”
2. Identify user input that is only being validated on the client side (for example, using JavaScript).
3. Identify user input that is being validated against an inclusion list of unacceptable characters. For example an application that rejects the single quote (‘) character as a validation guard for potential SQL injection.
a8447521-2f73-4449-af81-f2525c959974
Untrusted input should be validated against an inclusion list
For each input, define what is acceptable though either a regular expression, a list of acceptable characters, domain constrains or type casting and enforce this validation on the server side.
This can be implemented by one or more means. For example, one can:
1. Build a regular expression that defines an inclusions list of acceptable character sequences. For example:
if (Regex.IsMatch(Request.Form["ZIP"], "^\d{5}-\d{4}$"))
{
// validation passed
}
else
{
// validation failed
}
2. If the input is of a primitive type, one can cast it. For example:
int x = Int.Parse(Request.Form(“param”))
3. If the input can only be from a small (but varying) domain, one can define conditional statements to validate them. For example:
if ( (Request.Form(“favColor”) == “RED”) || (Request.Form(“favColor”) == “ORANGE”) )
{
// validation passed
}
else
{
// validation failed
}
false
0
38eafd1a-25ec-4bb4-88c3-6e771e4b030f
dd368e70-c1f9-4142-9aac-7a3a3efeced6
XML Injection
An XML injection attack exploits vulnerabilities in input validation to create a new node to alter the program decision/flow. It can also be used to insert malicious characters into XML and break functionality. It occurs when the application uses input from the user to construct dynamic XML to send it to the backend database or does transformation to display it back to the user.
For More information:
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/wss_ch5_msgval.asp>
<http://msdn.microsoft.com/msdnmag/issues/02/04/xml/default.aspx>
The most common way to detect the potential of a XML Injection attack:
1. Identify entry points that collect user input such as form fields, query string parameters, etc.
2. Identify the XML attributes that may be injected in XML, causing an unexpected behavior (such as exceptions while parsing the generated file, reference to external entities, tampering data, etc)
3. If you use XML functions, such as constructing XML string or use XSLT template expansion with the tainted data, you are most likely vulnerable.
655ce576-b4a3-48e6-b66a-90e5f53003cc
Inappropriate or lacking schema validation
The application or database server constructs a XML statement at runtime using the user supplied data.
- Identify code in the application which processes XML data and check for XSD validation & validation errors.
a3224948-fb41-4755-bf3d-55202d491e1f
Use schema validation
A XSD (XML Schema Definition) is a recommendation of the World Wide Web Consortium (W3C). It is used to declare the structure of an XML document -which elements and attributes are allowed, is it a mandatory or an optional element, can there be more than one instance of an element, and so forth. Prevent XML injection attacks by ensuring that the XML input follows the rules specified in the schema.
Consider a below XML document that needs to have a Schema validation,
Books.xml:-
<?xml version="1.0"?>
<bookstore xmlns="generic">
<book genre="autobiography">
<title>The Autobiography of Benjamin Franklin</title>
<author>
<first-name>Ben</first-name>
<last-name>Franklin</last-name>
</author>
<price>89.88</price>
</book>
……
……
……
</bookstore>
Define a schema document Books.xsd for the above Books.xml file like below.
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="generic" elementFormDefault="qualified" targetNamespace="generic">
<xsd:element name="bookstore" type="bookstoreType"/>
<xsd:complexType name="bookstoreType">
<xsd:sequence maxOccurs="unbounded">
<xsd:element name="book" type="bookType"/>
</xsd:sequence>
</xsd:complexType>
<xsd:complexType name="bookType">
<xsd:sequence>
<xsd:element name="title" type="xsd:string"/>
<xsd:element name="author" type="authorName"/>
<xsd:element name="price" type="xsd:decimal"/>
</xsd:sequence>
<xsd:attribute name="genre" type="xsd:string"/>
</xsd:complexType>
<xsd:complexType name="authorName">
<xsd:sequence>
<xsd:element name="first-name" type="xsd:string"/>
<xsd:element name="last-name" type="xsd:string"/>
</xsd:sequence>
</xsd:complexType>
</xsd:schema>
Code Snippet:-
XmlSchemaCollection xsc = new XmlSchemaCollection();
xsc.Add("generic", HttpContext.Current.Server.MapPath("books.xsd"););
Validate(HttpContext.Current.Server.MapPath("books.xml"), xsc);
private void Validate(String filename, XmlSchemaCollection xsc) {
XmlTextReader reader = null;
XmlValidatingReader vreader = null;
reader = new XmlTextReader (filename);
vreader = new XmlValidatingReader (reader);
vreader.Schemas.Add(xsc);
vreader.ValidationEventHandler += new ValidationEventHandler (ValidationCallBack);
try { while (vreader.Read()) {} }
catch { Output.Text = "XML Document is not well-formed."; }
vreader.Close();
}
false
0
8547b53b-ebc1-4327-a2ce-a83cdd4156d3
Dynamic XML generation using untrusted input
User input such as form data/database values are concatenated by the application into an XML string. If the application does not validate or encode potentially malicious characters, a user may be able to inject additional XML data to create his/her own nodes or attributes within the string.
- Identify user input that is being used to construct dynamic XML to alter program decision/flow without being output encoded. Example:
strAuthor = Request.QueryString("author");
Response.Write “<name>" + strAuthor + "</name>";
5cf0b911-649c-407a-bed5-ecd86c8a3298
Perform context-sensitive encoding
For each input which is concatenated to an xml string do output encoding before displaying it to the page. Example, use AntiXSS.EncodeXML (http://msdn2.microsoft.com/en-us/security/aa973814.aspx) to do the output encoding.
This can be implemented as below For example, one can:
Response.Write "<From>" + AntiXSS.XmlEncode(strFrom) + "</From>";
AntiXSS can be found here:
http://msdn2.microsoft.com/en-us/security/aa973814.aspx
true
0
9a5f3f67-9d5f-41b6-ae63-0c73c3f465f7
Untrusted input should be validated against an inclusion list
For each input, define what is acceptable by using a regular expression, a list of acceptable characters, domain constraints or type casting and enforce this validation on the server side.
This can be implemented by one or more means. For example, one can:
1. Build a regular expression that defines an inclusions list of acceptable character sequences. For example:
if (Regex.IsMatch(Request.Form["ZIP"], "^\d{5}-\d{4}$"))
{
// validation passed
}
else
{
// validation failed
}
2. If the input is of a primitive type, one can cast it. For example:
int x = Int.Parse(Request.Form(“param”))
3. If the input can only be from a small (but varying) domain, one can define conditional statements to validate them. For example:
if ( (Request.Form(“favColor”) == “RED”) || (Request.Form(“favColor”) == “ORANGE”) )
{
// validation passed
}
else
{
// validation failed
}
false
0
16afa76d-14a2-4736-a2be-b9822ea5f295
e113bd90-f7a9-46b5-b2bb-12883fc635ad
Relevancies
7591314b-d3f0-48d7-aec4-cb7b63e51fff
Component utilizes C/C++ code
Component utilizes unmanaged code (e.g., C/C++).
5072626b-5643-4b84-973c-9d6180d06c21
Component performs file Input/Output (I/O)
Components performs file I/O.
404b751c-da61-428e-97f7-bcb279126328
Component exposes a Web browser interface
Component exposes a web-based browser interface.
2bba0a9a-2059-4cb3-b955-daade7c08aa0
Component utilizes Cryptography
Component utilizes cryptography.
8b44934f-9fd1-4137-91b5-8e998ebc508e
Component utilizes a network protocol
Component establishes communication over a network protocol.
548fa953-ef4f-4153-9ade-2605b11b7a3a
Component utilizes HTTP
Component establishes communication over HTTP protocol.
c652fad5-5c06-40c9-8f71-074ea889a421
Component performs arithmetic operations
Performs critical arithematic operations in managed code (e.g., C#).
09ef2c16-83bb-4905-9430-2e3bc622f9ff
Component constructs LDAP queries
Component constructs LDAP queries.
57f1ccdf-d724-4c39-a521-3b6736e9f9d3
Component utilizes Forms Authentication
Component accepts authentication using interactively entered credentials.
38eafd1a-25ec-4bb4-88c3-6e771e4b030f
Component constructs SQL queries
Component constructs SQL queries.
16afa76d-14a2-4736-a2be-b9822ea5f295
Component constructs XML data blobs
Component constructs XML blobs.
c8d24ba0-b392-4ff8-8dc9-b5e4da2c3ed6
Threats
fcce2da6-36e2-4fbc-94a3-2531c2e6e093
Confidentiality Threats
4dfef34b-3c05-4be1-9a5f-97777521a904
Unauthorized disclosure of <inserimento delle informazioni del nuovo prodotto> using <admin client> by <Admin>
This is an automatically generated threat affecting the <inserimento delle informazioni del nuovo prodotto> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin client
Data Effect:
L' amministratore utilizza l' applicazione client da una postazione localizzata e gestita internamente.
Vari attacchi (bug hardware, key logger,...) sono certamnte possibili ma ritenuti improbabili date le procedure di getsione.
Accept
2
0
Medium
Low
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
3ebebfa3-9907-4ecf-bdcf-3dd5198c3abd
false
true
d573f268-b963-4791-b703-286604e21ff0
Unauthorized disclosure of <invio delle informazioni> using <admin web-service> by <Admin>
This is an automatically generated threat affecting the <invio delle informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <admin client> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin web-service
Data Effect:
L' interazione puo' attraversare segmenti di reti non fidati.
Si e' deciso di ridurre il rischio associato ad attacchi come network eavesdropping e man in the middle attraverso l' uso del protocollo SSL.
Altri attacchi sono possibili (es. SQL injection) ma ritenuti improbaili (l'amministratore `e un utente fidato).
Reduce
4
0
Medium
Medium
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
b22de5ad-bc01-433e-be76-30b1ee08ce89
38a286dd-56d8-44bc-80e2-7c909037eeb2
true
false
0
1a0bae6c-db5d-4de1-aa4d-75237627332e
44d81f2a-1287-4cc3-84f9-082fc99a38a3
true
false
0
f921c3c3-70c5-4f9c-bec3-48f1b37a12f4
1c7e48d4-2b9c-4d7e-afb5-b0d7de374a1a
true
false
0
50eb1299-ae0f-4dfd-9900-eda114c29ad9
a8447521-2f73-4449-af81-f2525c959974
false
false
0
79dc9fd6-3072-4987-9d6d-f6cfd1af769f
false
true
a08df833-1e4c-4aa3-b50c-f4c948ef51c5
Unauthorized disclosure of <visualizza catalogo> using <web-site> by <Utente non registrato>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <Utente non registrato> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
022377b7-7fe4-4395-90e4-13732802038f
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e13b112d-e578-4601-a491-309ec7289b90
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
84d9fe24-edb4-465a-8576-ea413e8e6747
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
264126b7-a105-41c9-940c-7320953e71ad
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
0123d5da-98c4-41e8-bae5-a8c6b81bb34d
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
ccbe0b10-3c99-4e2e-ad62-fca72e5f4e78
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a21d0f67-f1f2-4fb8-89c5-f1ecea72df2f
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
3f145665-fa9b-45da-abbb-390009c60023
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
b7eecd70-501a-4dfc-bcd0-045803a75ade
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
34937369-ce45-449b-ac8f-a7e13da330cc
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
7cbb4e3d-909a-4ea6-9f2f-81af9569d31b
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
d58d9ed8-ef67-4ba5-a095-e0f3baea0f03
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
576db3bb-51ac-4dea-8552-dee9943816dc
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f3c6be89-2680-4742-bb87-33ededf8d130
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
3c194e8b-14b1-493c-b0b6-7d06bcf55f82
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
329f35cb-b86a-4fda-b857-f84ef898c848
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
7f3f7465-34e2-4e65-a903-2bb7150df417
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
52288529-7e33-4ed5-8fbf-9816fb737db9
false
false
21e5a337-2f9e-4297-bf3f-74fa72a30811
Unauthorized disclosure of <visualizza catalogo> using <web-site> by <Admin>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < R > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
067a40f0-af6b-462d-97c7-3fffce92dc49
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
c0098890-2524-467c-aadc-8072fa7b05d1
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
abe0d007-4c09-4f8a-a1bb-d1b37aca8ef5
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
0a3481a1-ba9a-4567-8d4e-b5755181cacf
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
09528a8e-66d7-4110-b06d-a4101d88bc67
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a93361de-92f9-42e6-a0bf-11dc83bc37ad
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
0bc0330d-7be8-486f-b087-85386cbaea0c
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
676b50f3-3f33-4c74-aa3b-3fd3034ac06b
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
efcd761f-1a61-4dc8-b755-12bd5d5d52b6
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0988c03e-4cdd-448e-b3bc-03d7911bfe7d
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
e5e6cf4f-24af-4139-a6d0-f69ea4051cc5
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fd6ae3f-30e1-4c7c-ae40-ce84f4997f81
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
85cf3594-b813-48b6-b46f-6f2572b2b63a
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
0fa87c44-f632-4541-bb88-3f636b3bc81a
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
fa712e8e-cd76-4332-b34f-f62c06989ad9
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
23a68379-27c5-4d1c-88b6-32a95893d164
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
45b64f37-ae93-4f5d-b641-c8fffb19d251
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
889d4bbd-ef64-4787-b47e-39f10b0f5af0
false
false
5b09dc9d-0e5c-471a-96b5-d89146016106
Unauthorized disclosure of <ottiene i dati> using <web-service> by <Utente non registrato>
This is an automatically generated threat affecting the <ottiene i dati> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-site> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-service
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
01099751-f322-4a43-8c30-7d9a2a21b0fe
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e87e3c7c-08b5-4bb1-a3d6-0c180b89eff5
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
cb8266ff-02f1-4856-8385-ce0edc65777f
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
21063015-29b9-436e-8fe7-5a64cd216312
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
4a4af247-b811-40a0-8319-d65054fd3b84
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
c945a070-c5f0-47c6-8df6-c5ca61a4a562
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
2a72de2c-8498-4427-bd37-e0f8628bca93
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
aa7a6087-8744-450f-b562-8e3ed5f3b849
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
5fe21346-a9ce-431c-96b9-eea0ed4a6536
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
29147e59-14b5-410e-b2b5-4f9bb20db773
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
7e9e7402-4299-4bb3-ad34-0648d4b04df7
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
6c48adec-9e58-4ec4-ac6a-d78c53d39634
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fb237c0-301d-4211-b442-0386a55ec1ce
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
0721dd03-6612-4329-9987-fdf74f1aa488
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
64a57d89-28cd-47bd-93d7-5749de4918c7
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
e4f234a9-3d64-46a6-aa4a-3f30ffb5d5ac
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
d28143de-91a8-4264-bb3e-5f677eb703d2
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
9011e631-da1d-4734-99e2-fed47c69a1de
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
6344be86-22bf-4682-bbfb-8bcebe8aed5e
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
62e23f55-86f4-482a-ae1f-b88a29d5e42a
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
72a51e15-41fb-4f2d-bfdd-2ed29e4ee64d
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
af2b728e-24be-4f6f-92bc-6f783a1f9d20
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
ce89d928-91c2-47ec-8407-4928ffd2662c
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
41e43dd8-de5d-4590-85c0-f485d7839f24
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
a565ba4a-29c4-44a9-b1d4-a6ce5703fc95
false
false
57ad9b2a-7f6f-4ef7-9ad2-f50d321760aa
Unauthorized disclosure of <richiesta catalogo> using <database server> by <Utente non registrato>
This is an automatically generated threat affecting the <richiesta catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-service> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: database server
Data Effect:
< R > <Informazioni prodotto>
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
74689e05-1383-47a3-bdb5-e8600110924a
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
c4dd364d-a55c-47e6-b0a0-6cae700f0fe4
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
7ea1de70-7d79-4fce-880e-da36d0d8b089
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a4607d7d-2157-4d67-98a0-33844c4d9278
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
9b1118b7-35e5-46ec-974a-5d04b2fdd8ae
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
e4412375-8e20-47fa-a755-9fb90e5ae4fb
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
af698271-1ea0-4aad-b51f-95a397bd3d39
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f48ab106-703c-4c8d-806a-a3f9dcb8cec8
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
f92218c6-37b0-40c9-aead-d31de4f923d4
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
d15600ef-ac33-4376-b5a0-e0dd9dcf56ab
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
f851c282-f536-482d-823d-efc9daae0177
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
6dfb7f4e-2a26-42be-ad75-338d80525c34
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
6a3c2374-8f4f-4426-a8b6-c5e45be43489
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
dbed26b8-a66b-488d-ae9b-b63071b439a3
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
db205d37-5e6b-4631-a05d-9311784df999
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
d141f2f6-ba47-4eef-80f1-618065371d14
false
false
85fbe5fe-1e3d-4985-b835-012218f09f67
Unauthorized disclosure of <registrazione informazioni> using <database server> by <web-service Role>
This is an automatically generated threat affecting the <registrazione informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
web-service Role < C > Informazioni prodotto
Details of the action:
Caller: <admin web-service> <impersonating : NETWORK_SERVICE>
Data Sent: <Informazioni prodotto>
Data Received
Component: database server
Data Effect:
< C > <Informazioni prodotto>
None
9
0
High
High
64bfa089-8150-4937-99fe-2f135b5a5f03
2509a883-87f6-413c-a9eb-00ce61e60ce7
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f6a0e280-527b-435a-8bd5-c2df00170b2a
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
86be95c6-78d1-4c00-8298-8ad6294e91ee
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
ed3aa7f0-1c9a-4054-a96a-ad7376a0ee57
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
e835d313-a603-46ba-ba30-7800ba18164d
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
a80b1ba0-1a62-4690-ab9e-c64af2f7cc0f
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a28cda8a-8dd9-4d3f-85b2-4d5798bad34d
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
433d9274-d558-4cbc-af4d-64fd74ad84ce
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0ccfc7f6-0460-4b0b-bbf4-679a0dbef847
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
7ac37cdd-5854-4bd4-b80a-6f013e3d7731
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
6d408fd2-0299-4366-aad9-9ca1303d1f47
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
a4b9d2e4-aa1a-46bc-8e52-bfb35b50cb60
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
a8818903-dbb5-4ffa-b42d-8a0c3e44bc55
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
888e87cc-120d-4ad5-a134-14b421ec47a8
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
d1fba958-2003-43ce-9d0a-96f4134df98a
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
816889d6-f47f-4142-bd33-f2c206f23528
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
b245ade5-345d-4a4d-be46-991b2f5b152e
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
29d94ab7-7005-46f7-8c77-64c216d3779d
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
94d7cd00-604c-4dd1-81bd-e4bd8621cb5a
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
68a68a6f-5090-4cce-84ad-a69ce4ebb7a9
false
false
d1d837d4-c6dd-429c-815d-4b804c3ec411
Integrity Threats
13ed1eb6-2ed4-4083-a222-20329356934d
Illegal execution of <visualizza catalogo> using <web-site> by <Utente non registrato>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <Utente non registrato> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
022377b7-7fe4-4395-90e4-13732802038f
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e13b112d-e578-4601-a491-309ec7289b90
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
84d9fe24-edb4-465a-8576-ea413e8e6747
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
264126b7-a105-41c9-940c-7320953e71ad
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
0123d5da-98c4-41e8-bae5-a8c6b81bb34d
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
ccbe0b10-3c99-4e2e-ad62-fca72e5f4e78
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a21d0f67-f1f2-4fb8-89c5-f1ecea72df2f
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
3f145665-fa9b-45da-abbb-390009c60023
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
b7eecd70-501a-4dfc-bcd0-045803a75ade
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
34937369-ce45-449b-ac8f-a7e13da330cc
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
7cbb4e3d-909a-4ea6-9f2f-81af9569d31b
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
d58d9ed8-ef67-4ba5-a095-e0f3baea0f03
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
576db3bb-51ac-4dea-8552-dee9943816dc
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f3c6be89-2680-4742-bb87-33ededf8d130
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
3c194e8b-14b1-493c-b0b6-7d06bcf55f82
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
329f35cb-b86a-4fda-b857-f84ef898c848
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
7f3f7465-34e2-4e65-a903-2bb7150df417
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
52288529-7e33-4ed5-8fbf-9816fb737db9
false
false
false
213e7ed7-1100-4d17-b37a-91df59bf3787
Illegal execution of <visualizza catalogo> using <web-site> by <Admin>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < R > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
067a40f0-af6b-462d-97c7-3fffce92dc49
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
c0098890-2524-467c-aadc-8072fa7b05d1
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
abe0d007-4c09-4f8a-a1bb-d1b37aca8ef5
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
0a3481a1-ba9a-4567-8d4e-b5755181cacf
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
09528a8e-66d7-4110-b06d-a4101d88bc67
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a93361de-92f9-42e6-a0bf-11dc83bc37ad
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
0bc0330d-7be8-486f-b087-85386cbaea0c
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
676b50f3-3f33-4c74-aa3b-3fd3034ac06b
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
efcd761f-1a61-4dc8-b755-12bd5d5d52b6
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0988c03e-4cdd-448e-b3bc-03d7911bfe7d
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
e5e6cf4f-24af-4139-a6d0-f69ea4051cc5
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fd6ae3f-30e1-4c7c-ae40-ce84f4997f81
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
85cf3594-b813-48b6-b46f-6f2572b2b63a
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
0fa87c44-f632-4541-bb88-3f636b3bc81a
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
fa712e8e-cd76-4332-b34f-f62c06989ad9
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
23a68379-27c5-4d1c-88b6-32a95893d164
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
45b64f37-ae93-4f5d-b641-c8fffb19d251
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
889d4bbd-ef64-4787-b47e-39f10b0f5af0
false
false
false
47604fb4-39b0-4b46-ad14-929998f36586
Illegal execution of <ottiene i dati> using <web-service> by <Utente non registrato>
This is an automatically generated threat affecting the <ottiene i dati> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-site> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-service
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
01099751-f322-4a43-8c30-7d9a2a21b0fe
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e87e3c7c-08b5-4bb1-a3d6-0c180b89eff5
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
cb8266ff-02f1-4856-8385-ce0edc65777f
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
21063015-29b9-436e-8fe7-5a64cd216312
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
4a4af247-b811-40a0-8319-d65054fd3b84
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
c945a070-c5f0-47c6-8df6-c5ca61a4a562
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
2a72de2c-8498-4427-bd37-e0f8628bca93
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
aa7a6087-8744-450f-b562-8e3ed5f3b849
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
5fe21346-a9ce-431c-96b9-eea0ed4a6536
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
29147e59-14b5-410e-b2b5-4f9bb20db773
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
7e9e7402-4299-4bb3-ad34-0648d4b04df7
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
6c48adec-9e58-4ec4-ac6a-d78c53d39634
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fb237c0-301d-4211-b442-0386a55ec1ce
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
0721dd03-6612-4329-9987-fdf74f1aa488
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
64a57d89-28cd-47bd-93d7-5749de4918c7
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
e4f234a9-3d64-46a6-aa4a-3f30ffb5d5ac
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
d28143de-91a8-4264-bb3e-5f677eb703d2
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
9011e631-da1d-4734-99e2-fed47c69a1de
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
6344be86-22bf-4682-bbfb-8bcebe8aed5e
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
62e23f55-86f4-482a-ae1f-b88a29d5e42a
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
72a51e15-41fb-4f2d-bfdd-2ed29e4ee64d
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
af2b728e-24be-4f6f-92bc-6f783a1f9d20
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
ce89d928-91c2-47ec-8407-4928ffd2662c
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
41e43dd8-de5d-4590-85c0-f485d7839f24
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
a565ba4a-29c4-44a9-b1d4-a6ce5703fc95
false
false
false
b8640581-9e2a-4549-96f5-23f6db50f140
Illegal execution of <richiesta catalogo> using <database server> by <Utente non registrato>
This is an automatically generated threat affecting the <richiesta catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-service> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: database server
Data Effect:
< R > <Informazioni prodotto>
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
74689e05-1383-47a3-bdb5-e8600110924a
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
c4dd364d-a55c-47e6-b0a0-6cae700f0fe4
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
7ea1de70-7d79-4fce-880e-da36d0d8b089
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a4607d7d-2157-4d67-98a0-33844c4d9278
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
9b1118b7-35e5-46ec-974a-5d04b2fdd8ae
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
e4412375-8e20-47fa-a755-9fb90e5ae4fb
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
af698271-1ea0-4aad-b51f-95a397bd3d39
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f48ab106-703c-4c8d-806a-a3f9dcb8cec8
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
f92218c6-37b0-40c9-aead-d31de4f923d4
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
d15600ef-ac33-4376-b5a0-e0dd9dcf56ab
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
f851c282-f536-482d-823d-efc9daae0177
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
6dfb7f4e-2a26-42be-ad75-338d80525c34
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
6a3c2374-8f4f-4426-a8b6-c5e45be43489
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
dbed26b8-a66b-488d-ae9b-b63071b439a3
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
db205d37-5e6b-4631-a05d-9311784df999
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
d141f2f6-ba47-4eef-80f1-618065371d14
false
false
false
b6900578-9f38-4870-856e-d3a6fc95d0b8
Illegal execution of <inserimento delle informazioni del nuovo prodotto> using <admin client> by <Admin>
This is an automatically generated threat affecting the <inserimento delle informazioni del nuovo prodotto> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin client
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
6922343d-d0dd-4779-b33e-790b144cace1
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f0ed9df8-380e-4f17-aead-81dbc7ab7155
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
d133f647-77cb-41b1-9e60-7a55c3cc1329
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
2f2b2991-e957-4f1d-8c47-0210350221a1
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
4141c6ce-e29d-4877-852f-4052d5892a1e
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
3bae2233-b105-436d-88c8-ff5da280a469
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
d1c8e0ec-6669-4f98-8f00-38fa08e959ca
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
07db93f4-b635-4b18-b46d-ddc930eda525
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
52007292-62d9-487d-8d8b-149c5a46777f
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
a73d0ec8-1bf2-4c28-83a0-9520d25a5693
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
445423dc-6e8e-4bde-9a94-69cd26abc7c5
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
cfcae546-d58e-45f3-a4b2-e345dcf1d885
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
90fd7484-6445-4e68-8dfe-2d58e6abf78d
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
377d60df-9a61-41ab-bb91-9c4d6b2bb235
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
267f55b5-f1bc-45cd-aa37-191314c496e1
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
3ebebfa3-9907-4ecf-bdcf-3dd5198c3abd
false
false
false
163b28b6-89b1-4a2c-9877-b21304d06a77
Illegal execution of <invio delle informazioni> using <admin web-service> by <Admin>
This is an automatically generated threat affecting the <invio delle informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <admin client> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin web-service
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
d6e6d61d-3055-46a2-bf1d-2aa76183ae93
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
3ea1e1d4-74da-442e-a844-cc0dc187a21c
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
3cad52bc-8c8e-4cc4-8499-54253604a6be
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
a9a0339e-22ff-4589-8211-6677709f3a93
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
29a0b7fe-3afc-400b-a8ea-c12cff844ba2
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f2f98c0b-ef46-44a5-b2e9-903d84aba07e
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
8c52194b-809b-424e-8f4c-d27849526afe
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
00681749-2776-46ce-b4b4-b742b7e730d9
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
69346cb8-6b01-49f5-adb6-f2f89bacc0e8
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
ea19d433-529a-42d5-8b0b-d6407bd7be59
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
3e05c254-3c44-4fca-8f23-255d1eaa17ce
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
68ede77b-0f03-40e2-82dc-2504191497ba
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
dca0d8f6-c486-4c86-a2a1-7f002786383c
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
fdc5298d-dc21-484f-8f09-28740895c286
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
99291cdc-c1b2-4d4e-b54c-f4f415c56d13
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
a63a6a02-cce6-41f8-987e-bdd019f27873
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
843730fa-f610-463b-bd00-a504ee43086a
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
1e1b087c-e32a-4b39-b292-f2f7e1428e35
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
846592eb-6aee-4b5b-8c1c-bd268a186dde
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
6ee262c0-7820-409a-82ac-8286a34c26d3
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
15ceb6da-60f9-4a43-bb06-30d6ff847b39
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
e2ccd436-a00e-4278-82fd-e94373d2098c
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
9560891f-5fe1-4696-ba89-175ed3200fb8
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
197e8cbf-039f-4189-91f0-4fe39c0993c5
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
779b0a73-32c7-44d3-8ef4-2e66ecad418c
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
ce07222f-1d0c-47ae-8f65-a6652e021f46
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
79dc9fd6-3072-4987-9d6d-f6cfd1af769f
false
false
false
e7c9a619-8334-4b3f-a77a-2910ece8df1b
Illegal execution of <registrazione informazioni> using <database server> by <web-service Role>
This is an automatically generated threat affecting the <registrazione informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
web-service Role < C > Informazioni prodotto
Details of the action:
Caller: <admin web-service> <impersonating : NETWORK_SERVICE>
Data Sent: <Informazioni prodotto>
Data Received
Component: database server
Data Effect:
< C > <Informazioni prodotto>
None
9
0
High
High
64bfa089-8150-4937-99fe-2f135b5a5f03
2509a883-87f6-413c-a9eb-00ce61e60ce7
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f6a0e280-527b-435a-8bd5-c2df00170b2a
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
86be95c6-78d1-4c00-8298-8ad6294e91ee
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
ed3aa7f0-1c9a-4054-a96a-ad7376a0ee57
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
e835d313-a603-46ba-ba30-7800ba18164d
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
a80b1ba0-1a62-4690-ab9e-c64af2f7cc0f
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a28cda8a-8dd9-4d3f-85b2-4d5798bad34d
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
433d9274-d558-4cbc-af4d-64fd74ad84ce
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0ccfc7f6-0460-4b0b-bbf4-679a0dbef847
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
7ac37cdd-5854-4bd4-b80a-6f013e3d7731
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
6d408fd2-0299-4366-aad9-9ca1303d1f47
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
a4b9d2e4-aa1a-46bc-8e52-bfb35b50cb60
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
a8818903-dbb5-4ffa-b42d-8a0c3e44bc55
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
888e87cc-120d-4ad5-a134-14b421ec47a8
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
d1fba958-2003-43ce-9d0a-96f4134df98a
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
816889d6-f47f-4142-bd33-f2c206f23528
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
b245ade5-345d-4a4d-be46-991b2f5b152e
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
29d94ab7-7005-46f7-8c77-64c216d3779d
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
94d7cd00-604c-4dd1-81bd-e4bd8621cb5a
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
68a68a6f-5090-4cce-84ad-a69ce4ebb7a9
false
false
false
b1ce141a-cbef-420b-9550-73db64d4c342
Availability Threats
6dad681b-2309-4853-b4e7-01be0dd02fcc
Ineffective execution of <invio delle informazioni> using <admin web-service> by <Admin>
This is an automatically generated threat affecting the <invio delle informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <admin client> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin web-service
Data Effect:
Effective countermeasures need heavy investments on the network and server infrstructure while the impact is low (the products are not real-time, so new products could be uploaded later without considerable loss).
Accept
1
0
Low
Low
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
8370f65f-6b7d-4a21-8a59-e9c0c05ec713
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
0a94a108-cdcc-4222-a644-eb7cdbe9baab
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
de511668-dd98-40bc-ac15-3a81e1ffa60d
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
79dc9fd6-3072-4987-9d6d-f6cfd1af769f
true
the service should be ideally 99% available for uploading new products.
false
d198670c-3a62-4707-8847-899af075b3c9
Ineffective execution of <visualizza catalogo> using <web-site> by <Utente non registrato>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <Utente non registrato> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
022377b7-7fe4-4395-90e4-13732802038f
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e13b112d-e578-4601-a491-309ec7289b90
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
84d9fe24-edb4-465a-8576-ea413e8e6747
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
264126b7-a105-41c9-940c-7320953e71ad
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
0123d5da-98c4-41e8-bae5-a8c6b81bb34d
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
ccbe0b10-3c99-4e2e-ad62-fca72e5f4e78
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a21d0f67-f1f2-4fb8-89c5-f1ecea72df2f
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
3f145665-fa9b-45da-abbb-390009c60023
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
b7eecd70-501a-4dfc-bcd0-045803a75ade
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
34937369-ce45-449b-ac8f-a7e13da330cc
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
7cbb4e3d-909a-4ea6-9f2f-81af9569d31b
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
d58d9ed8-ef67-4ba5-a095-e0f3baea0f03
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
576db3bb-51ac-4dea-8552-dee9943816dc
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f3c6be89-2680-4742-bb87-33ededf8d130
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
3c194e8b-14b1-493c-b0b6-7d06bcf55f82
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
329f35cb-b86a-4fda-b857-f84ef898c848
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
7f3f7465-34e2-4e65-a903-2bb7150df417
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
52288529-7e33-4ed5-8fbf-9816fb737db9
false
false
81e8ab12-a8dc-4b51-8843-05130ce02286
Ineffective execution of <visualizza catalogo> using <web-site> by <Admin>
This is an automatically generated threat affecting the <visualizza catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < R > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-site
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
067a40f0-af6b-462d-97c7-3fffce92dc49
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
c0098890-2524-467c-aadc-8072fa7b05d1
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
abe0d007-4c09-4f8a-a1bb-d1b37aca8ef5
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
0a3481a1-ba9a-4567-8d4e-b5755181cacf
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
09528a8e-66d7-4110-b06d-a4101d88bc67
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a93361de-92f9-42e6-a0bf-11dc83bc37ad
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
0bc0330d-7be8-486f-b087-85386cbaea0c
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
676b50f3-3f33-4c74-aa3b-3fd3034ac06b
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
efcd761f-1a61-4dc8-b755-12bd5d5d52b6
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0988c03e-4cdd-448e-b3bc-03d7911bfe7d
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
e5e6cf4f-24af-4139-a6d0-f69ea4051cc5
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fd6ae3f-30e1-4c7c-ae40-ce84f4997f81
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
85cf3594-b813-48b6-b46f-6f2572b2b63a
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
0fa87c44-f632-4541-bb88-3f636b3bc81a
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
fa712e8e-cd76-4332-b34f-f62c06989ad9
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
23a68379-27c5-4d1c-88b6-32a95893d164
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
45b64f37-ae93-4f5d-b641-c8fffb19d251
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
889d4bbd-ef64-4787-b47e-39f10b0f5af0
false
false
ce3bc60a-cc95-4e27-ad1f-2ec5800805a5
Ineffective execution of <ottiene i dati> using <web-service> by <Utente non registrato>
This is an automatically generated threat affecting the <ottiene i dati> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-site> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: web-service
Data Effect:
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
01099751-f322-4a43-8c30-7d9a2a21b0fe
7ae5fc8e-7776-4711-ba07-aa6b2a8c905c
false
false
0
e87e3c7c-08b5-4bb1-a3d6-0c180b89eff5
b287c964-8560-4add-90c3-d86f1b08437c
false
false
0
cb8266ff-02f1-4856-8385-ce0edc65777f
cb9c6443-3dad-4e7d-bbd7-3fb588e52a09
false
false
0
21063015-29b9-436e-8fe7-5a64cd216312
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
4a4af247-b811-40a0-8319-d65054fd3b84
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
c945a070-c5f0-47c6-8df6-c5ca61a4a562
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
2a72de2c-8498-4427-bd37-e0f8628bca93
7a0623e1-167a-4c9f-b770-2d7b289cd3c6
false
false
0
aa7a6087-8744-450f-b562-8e3ed5f3b849
1e73be39-d353-4b1e-aac8-d076c9493f57
false
false
0
5fe21346-a9ce-431c-96b9-eea0ed4a6536
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
29147e59-14b5-410e-b2b5-4f9bb20db773
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
7e9e7402-4299-4bb3-ad34-0648d4b04df7
03a2bc2f-e785-41ef-9f49-9cf961a8245d
false
false
0
6c48adec-9e58-4ec4-ac6a-d78c53d39634
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
2fb237c0-301d-4211-b442-0386a55ec1ce
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
0721dd03-6612-4329-9987-fdf74f1aa488
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
64a57d89-28cd-47bd-93d7-5749de4918c7
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
e4f234a9-3d64-46a6-aa4a-3f30ffb5d5ac
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
d28143de-91a8-4264-bb3e-5f677eb703d2
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
9011e631-da1d-4734-99e2-fed47c69a1de
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
6344be86-22bf-4682-bbfb-8bcebe8aed5e
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
62e23f55-86f4-482a-ae1f-b88a29d5e42a
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
72a51e15-41fb-4f2d-bfdd-2ed29e4ee64d
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
af2b728e-24be-4f6f-92bc-6f783a1f9d20
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
ce89d928-91c2-47ec-8407-4928ffd2662c
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
41e43dd8-de5d-4590-85c0-f485d7839f24
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
a565ba4a-29c4-44a9-b1d4-a6ce5703fc95
false
false
8de2f9eb-5d4e-4fe8-b90f-7a7a26a7faa0
Ineffective execution of <richiesta catalogo> using <database server> by <Utente non registrato>
This is an automatically generated threat affecting the <richiesta catalogo> action supporting the <Visualizzazione del catalogo> usecase. This use case is used to realize the follow net data effect:
Utente non registrato < R > Informazioni prodotto
Details of the action:
Caller: <web-service> <delegating>
Data Sent:
Data Received: <Informazioni prodotto>
Component: database server
Data Effect:
< R > <Informazioni prodotto>
None
9
0
High
High
987d67e3-823d-43ac-bcdb-13cfe6230d37
74689e05-1383-47a3-bdb5-e8600110924a
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
c4dd364d-a55c-47e6-b0a0-6cae700f0fe4
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
7ea1de70-7d79-4fce-880e-da36d0d8b089
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
a4607d7d-2157-4d67-98a0-33844c4d9278
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
9b1118b7-35e5-46ec-974a-5d04b2fdd8ae
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
e4412375-8e20-47fa-a755-9fb90e5ae4fb
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
af698271-1ea0-4aad-b51f-95a397bd3d39
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
f48ab106-703c-4c8d-806a-a3f9dcb8cec8
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
f92218c6-37b0-40c9-aead-d31de4f923d4
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
d15600ef-ac33-4376-b5a0-e0dd9dcf56ab
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
f851c282-f536-482d-823d-efc9daae0177
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
6dfb7f4e-2a26-42be-ad75-338d80525c34
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
6a3c2374-8f4f-4426-a8b6-c5e45be43489
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
dbed26b8-a66b-488d-ae9b-b63071b439a3
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
db205d37-5e6b-4631-a05d-9311784df999
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
d141f2f6-ba47-4eef-80f1-618065371d14
false
false
92928ffa-12ae-4eda-a2e6-14ae886b3bef
Ineffective execution of <inserimento delle informazioni del nuovo prodotto> using <admin client> by <Admin>
This is an automatically generated threat affecting the <inserimento delle informazioni del nuovo prodotto> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
Admin < C > Informazioni prodotto
Details of the action:
Caller: <Admin> <delegating>
Data Sent: <Informazioni prodotto>
Data Received
Component: admin client
Data Effect:
None
9
0
High
High
9d36f06b-1d9f-43ce-9ed4-ec2595d9e678
6922343d-d0dd-4779-b33e-790b144cace1
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f0ed9df8-380e-4f17-aead-81dbc7ab7155
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
d133f647-77cb-41b1-9e60-7a55c3cc1329
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
2f2b2991-e957-4f1d-8c47-0210350221a1
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
4141c6ce-e29d-4877-852f-4052d5892a1e
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
3bae2233-b105-436d-88c8-ff5da280a469
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
d1c8e0ec-6669-4f98-8f00-38fa08e959ca
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
07db93f4-b635-4b18-b46d-ddc930eda525
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
52007292-62d9-487d-8d8b-149c5a46777f
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
a73d0ec8-1bf2-4c28-83a0-9520d25a5693
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
445423dc-6e8e-4bde-9a94-69cd26abc7c5
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
cfcae546-d58e-45f3-a4b2-e345dcf1d885
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
90fd7484-6445-4e68-8dfe-2d58e6abf78d
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
377d60df-9a61-41ab-bb91-9c4d6b2bb235
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
267f55b5-f1bc-45cd-aa37-191314c496e1
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
3ebebfa3-9907-4ecf-bdcf-3dd5198c3abd
false
false
86419d7c-71be-4ff8-8fad-7fef38aa05e5
Ineffective execution of <registrazione informazioni> using <database server> by <web-service Role>
This is an automatically generated threat affecting the <registrazione informazioni> action supporting the <Aggiunta di nuovi prodotti al catalogo> usecase. This use case is used to realize the follow net data effect:
web-service Role < C > Informazioni prodotto
Details of the action:
Caller: <admin web-service> <impersonating : NETWORK_SERVICE>
Data Sent: <Informazioni prodotto>
Data Received
Component: database server
Data Effect:
< C > <Informazioni prodotto>
None
9
0
High
High
64bfa089-8150-4937-99fe-2f135b5a5f03
2509a883-87f6-413c-a9eb-00ce61e60ce7
3887d6c9-b907-4f1b-adbd-e6e4fb11eb43
false
false
0
f6a0e280-527b-435a-8bd5-c2df00170b2a
347db3b1-d3d4-4296-87e2-b2c1cefba2f6
false
false
0
86be95c6-78d1-4c00-8298-8ad6294e91ee
3cf6ed25-b7cf-46b7-a0d7-15b0446c8883
false
false
0
ed3aa7f0-1c9a-4054-a96a-ad7376a0ee57
02cc4a13-55f6-4baa-9b25-51411b1a58cc
false
false
0
e835d313-a603-46ba-ba30-7800ba18164d
9a998c11-2e57-4615-a4e3-42e8272dba9d
false
false
0
a80b1ba0-1a62-4690-ab9e-c64af2f7cc0f
a2de5053-07e7-4b84-9e1a-1362359b78fe
false
false
0
a28cda8a-8dd9-4d3f-85b2-4d5798bad34d
25a677b7-0e9a-48d7-a81a-ac883c14ee62
false
false
0
433d9274-d558-4cbc-af4d-64fd74ad84ce
8dfd62db-cd93-4e0e-8727-0b86df344778
false
false
0
0ccfc7f6-0460-4b0b-bbf4-679a0dbef847
38a286dd-56d8-44bc-80e2-7c909037eeb2
false
false
0
7ac37cdd-5854-4bd4-b80a-6f013e3d7731
abec5995-6474-4f06-aa30-abe334ce9691
false
false
0
6d408fd2-0299-4366-aad9-9ca1303d1f47
44d81f2a-1287-4cc3-84f9-082fc99a38a3
false
false
0
a4b9d2e4-aa1a-46bc-8e52-bfb35b50cb60
3c01a6ed-4997-48e8-b964-bb3245bad727
false
false
0
a8818903-dbb5-4ffa-b42d-8a0c3e44bc55
7939ea2c-0c26-4483-b238-1f44ea5b0684
false
false
0
888e87cc-120d-4ad5-a134-14b421ec47a8
6fa96039-0174-4fd7-95a7-5b47514cae9f
false
false
0
d1fba958-2003-43ce-9d0a-96f4134df98a
6d9f9db4-af9b-4f5a-beac-197925202f8e
false
false
0
816889d6-f47f-4142-bd33-f2c206f23528
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
b245ade5-345d-4a4d-be46-991b2f5b152e
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
29d94ab7-7005-46f7-8c77-64c216d3779d
e30b7fe3-cfce-4296-a80d-6531880b3d0a
false
false
0
94d7cd00-604c-4dd1-81bd-e4bd8621cb5a
d01fb160-0d2b-4b4d-867d-61fb319a5ddd
false
false
0
68a68a6f-5090-4cce-84ad-a69ce4ebb7a9
false
false