CAPEC 22 Exploiting Trust in Client

Draft Meta High Risk

Severity High

Description

An attack of this type exploits vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by communicating directly with the server where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.

CAPEC 22 Exploiting Trust in Client

Description

Mitigations

Design: Ensure That Client Process And/Or Message Is Authenticated So That Anonymous Communications And/Or Messages Are Not Accepted By The System.

Design: Utilize Digital Signatures To Increase Authentication Assurance.

Implementation: Perform Input Validation For All Remote Content.

Design: Do Not Rely On Client Validation Or Encoding For Security Purposes.

Design: Utilize Two Factor Authentication To Increase Authentication Assurance.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Resources Required

CAPEC 22 Exploiting Trust in Client

Description

Mitigations

Design: Ensure That Client Process And/Or Message Is Authenticated So That Anonymous Communications And/Or Messages Are Not Accepted By The System.

Design: Utilize Digital Signatures To Increase Authentication Assurance.

Implementation: Perform Input Validation For All Remote Content.

Design: Do Not Rely On Client Validation Or Encoding For Security Purposes.

Design: Utilize Two Factor Authentication To Increase Authentication Assurance.

Consequences

Security Scopes Affected

Potential Impacts

Relationships

Child CAPECs

Resources Required

Iscriviti alla newsletter