Table 6.4 High-Severity Threat Models for Threat Profile (Threat Profile/Scenario: Attacker Can Use the User Accounts of Other Legitimate E-Commerce Users of the Application)

Columns: Exploit / Possible Vulnerabilities / Severity of Exploit

Exploit: SQL injection. The attacker may craft SQL queries using the input of the application and gain access to the user database containing usernames and passwords, from where all user accounts are exposed to the attacker. The attacker might also gain access to administrative user accounts by perpetrating this attack, as the user information for administrators will also be stored in the same database.
Possible Vulnerabilities:
    Lack of input validation at the server level
    Lack of parameterized SQL requests to the database
    Passwords for user accounts are stored in an unencrypted manner in the database
    Information leakage: error messages displayed with database query information and full stack trace
    Application configured to use the administrator account for database access
Severity of Exploit: High. The attacker can compromise the entire database by gaining access to it. Not only is sensitive data exposed to the attacker, but the database is also available to the attacker. This leads to a complete compromise of the database.

Exploit: Stored cross-site scripting attack. The attacker can enter malicious JavaScript into the user remarks input area of the application. The user remarks area is present for every product sold on Panthera's e-commerce application, for the purposes of ratings and product testimonials. Malicious JavaScript may cause anything from denial of service to session hijacking.
Possible Vulnerabilities:
    Lack of input validation for data at the server level
    Lack of output encoding
Severity of Exploit: High. Stored cross-site scripting is a more debilitating attack, as most users of the application may be affected by it. The attacker might inject malicious JavaScript which redirects users from the application to another site. Crafted JavaScript could also cause the Web server to crash under overwhelming requests, thereby causing denial of service.
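The SQL injection and stored XSS rows of Table 6.4 in working code, as an added example that is not from the book or from Panthera's application. Panthera's application is Java; Python's sqlite3 module stands in for the database so the snippet is self-contained, and the same fix applies with a JDBC PreparedStatement and an HTML encoder. The user table, its rows and the remark text are constructed sample data.

```python
"""Constructed demo for the SQL injection and stored-XSS rows of Table 6.4:
a login lookup built by string concatenation beside a parameterized one,
plus output encoding for the product-remarks field. Users and rows are
constructed sample data; sqlite3 stands in for the application's database."""
import hashlib
import html
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed user table. Passwords are stored as digests rather than in the
    clear (a deployment would use a slow, salted password hash such as PBKDF2)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, role TEXT)")
    rows = [("alice", "s3cret", "customer"), ("admin", "adm1n", "administrator")]
    for name, pw, role in rows:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (name, hashlib.sha256(pw.encode()).hexdigest(), role))
    return conn

def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable pattern from the table: user input is spliced into the SQL text,
    so quotes in the input become SQL syntax (no parameterized request)."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the driver binds the value, so it is only ever compared
    as data and can never change the query structure."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()

def render_remark(remark: str) -> str:
    """Output encoding for the product-remarks field: encode before the text is
    placed in HTML so stored markup is displayed, not executed."""
    return '<p class="remark">' + html.escape(remark, quote=True) + "</p>"

if __name__ == "__main__":
    db = build_db()
    # A legitimate name containing an apostrophe breaks the concatenated query
    # (and, with verbose error pages, leaks the query text: the table's
    # information-leakage vulnerability). The bound query handles it normally.
    try:
        lookup_unsafe(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("unsafe lookup failed:", exc)
    print("safe lookup:", lookup_safe(db, "o'brien"))
    print(render_remark("<b>Great</b> product"))
```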
in addition to the results of the threat-modeling process. The authentication and authorization requirements for Panthera's e-commerce application are implemented based on the following:
Role-based access control
Password management and policy
Session management
Storage of user credentials
Other measures
6.4.1.1 Role-Based Access Control
Role-based access control (RBAC) is an access control system where the authorization to specific resources in a system is given based on the roles that are performed by an individual in the organization. For instance, the users performing the accounting and billing function of Panthera only