CAPEC 278 Web Services Protocol Manipulation

Draft Standard Unknown Risk

Description

An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.

CAPEC 278 Web Services Protocol Manipulation

Description

Mitigations

Design: Ensure That Function Calls That Should Not Be Called By An Unprivileged User Are Not Accessible To Them.

Design: Range, Size And Value And Consistency Verification For Any Arguments Supplied To Applications And Services From External Sources And Devise Appropriate Error Response.

Consequences

Consequence Information

Relationships

Parent CAPECs

Child CAPECs

Resources Required

CAPEC 278 Web Services Protocol Manipulation

Description

Mitigations

Design: Ensure That Function Calls That Should Not Be Called By An Unprivileged User Are Not Accessible To Them.

Design: Range, Size And Value And Consistency Verification For Any Arguments Supplied To Applications And Services From External Sources And Devise Appropriate Error Response.

Consequences

Consequence Information

Relationships

Parent CAPECs

Child CAPECs

Resources Required

Iscriviti alla newsletter