File Access Race Condition
The vulnerability code for File Access Race Condition is AZ02.
The program checks a property of a file, referencing the file by name. It later performs an FSO operation using the same filename and assumes that the previously checked property still holds.
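The race described above is a check-then-use window on a file name. The following Python example is added here and is not from the page: it shows the name-based pattern beside a descriptor-based one, where the property is re-checked with fstat on the object that was actually opened, so the check and the FSO operation refer to the same object. Function names, the owner check and the constructed temporary files are assumptions for the demonstration.

```python
import os
import stat
import tempfile

# Constructed example (not from the page): name-based check-then-use
# beside the descriptor-based alternative.


def read_if_regular_unsafe(path: str) -> bytes:
    """Racy pattern: the property is checked by NAME, then the file is opened
    by NAME again. Between the two calls the name can be re-bound (for example
    replaced with a symlink), so the checked property may no longer hold."""
    st = os.lstat(path)                        # check: by name
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path} is not a regular file")
    with open(path, "rb") as f:                # use: by name again (window)
        return f.read()


def read_if_regular_safe(path: str) -> bytes:
    """Hardened pattern: open once, then check on the descriptor with fstat.
    Whatever the name points to afterwards, the fd is bound to the object
    that was opened, so the check and the read refer to the same object."""
    # O_NOFOLLOW refuses a symlink at the final component (OSError/ELOOP on
    # Linux); O_CLOEXEC keeps the descriptor out of child processes.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        st = os.fstat(fd)                      # check: on the opened object
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path} is not a regular file")
        if st.st_uid != os.geteuid():          # assumed policy: own files only
            raise PermissionError(f"{path} is not owned by the current user")
        with os.fdopen(fd, "rb") as f:         # use: the same object
            fd = -1                            # ownership passed to the file object
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo() -> dict:
    """Constructed inputs: a regular file and a symlink pointing at it."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "data.txt")
        with open(target, "wb") as f:
            f.write(b"secret")
        link = os.path.join(d, "link")
        os.symlink(target, link)
        result = {
            "unsafe_regular": read_if_regular_unsafe(target),
            "safe_regular": read_if_regular_safe(target),
        }
        try:
            read_if_regular_safe(link)
            result["safe_symlink"] = "accepted"
        except OSError:
            result["safe_symlink"] = "rejected"
        return result


if __name__ == "__main__":
    print(demo())
```

The descriptor-based version does not close the window by being faster; it removes the second name lookup entirely, which is what the FSO operation in the racy version depends on.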
Common SOA risks
Vulnerabilities are risks that materialize (or not, depending on how well we defend) through various attacks. Any project, at least in practice, has a risk assessment, and security risks are its main part, especially for services with external exposure. This section is critical and must stay current with security trends; OWASP is one of the primary sources of trend information.
We took the OWASP Top 10 data for 2013 (https://www.owasp.org/index.php/Top_10_2013) and mapped it to the standard SOA security patterns capable of mitigating these threats.
Injection
Anything that can be inserted, implanted, or simply appended to a command line or DB query string can not only break data consistency or add unwanted data to the dataset, but also execute a DB or OS command, ultimately allowing the attacker to gain complete control of the victim's system.
At the very least, the system will respond with an error message, and it is the architect's responsibility to balance the SOA security, abstraction, and discoverability requirements.
Several factors make this risk number one in the Top 10: difficulty of mitigation, the number of attack-automation tools, and the potential devastation.
The following are the suggested patterns to apply:
Message Screening for inbound messages: Implementation of this pattern is based on establishing the Service Perimeter Guard (yet another pattern) in front of the Service Perimeter and firewall. Additionally, it can be applied to a regular ESB.
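To make the Injection risk and the Message Screening mitigation concrete, here is an added Python example that is not from the book or any SOA product it describes. It places a screening step in front of a service that queries a constructed in-memory SQLite table, and shows the string-built query beside its parameterised form. The allow-list pattern, field names and sample rows are assumptions chosen for the demonstration.

```python
import re
import sqlite3

# Constructed demo (not from the page): an in-memory users table, a
# vulnerable and a parameterised lookup, and a screen for inbound messages.

USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")   # assumed allow-list
MAX_FIELD_LEN = 256                                    # assumed size limit


def make_db() -> sqlite3.Connection:
    """Constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "user"), ("admin", "admin")])
    return conn


def lookup_vulnerable(conn, name: str) -> list:
    """String concatenation: the caller's text becomes part of the statement,
    so a value containing SQL syntax changes the query itself."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name: str) -> list:
    """Parameterised query: the value is bound as data and cannot alter the
    statement, whatever characters it contains."""
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE name = ?", (name,))]


def screen_message(message: dict) -> dict:
    """Message Screening at the perimeter: every field of an inbound message
    is validated against an allow-list before it reaches any service.
    Unknown fields, oversized values and values outside the allowed pattern
    are rejected with a generic error, so the response leaks nothing about
    the back end (the error-message trade-off the text mentions)."""
    allowed = {"username": USERNAME_RE}
    if set(message) - set(allowed):
        raise ValueError("message rejected: unexpected field")
    for field, pattern in allowed.items():
        value = message.get(field)
        if (not isinstance(value, str) or len(value) > MAX_FIELD_LEN
                or not pattern.fullmatch(value)):
            raise ValueError("message rejected: invalid field")
    return message


def handle(conn, message: dict) -> list:
    """Perimeter-guard order: screen first, then the parameterised query.
    Both layers are kept; screening limits what reaches the service,
    parameterisation makes the query safe even if screening is bypassed."""
    return lookup_safe(conn, screen_message(message)["username"])


if __name__ == "__main__":
    db = make_db()
    print(handle(db, {"username": "alice"}))
```

The screen sits where the text places the Service Perimeter Guard: in front of the service, independent of how the service itself is written. Keeping the parameterised query behind it is what stops a message that passes the screen from ever changing the statement.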