
Threats and Attacks

Auditing and Logging
* Repudiation. An attacker denies performing an operation, exploits an application without trace, or covers his or her tracks.
* Denial of service (DoS). An attacker overwhelms logs with excessive entries or very large log entries.
* Disclosure of confidential information. An attacker gathers sensitive information from log files.

Authentication
* Network eavesdropping. An attacker steals identity and/or credentials off the network by reading network traffic not intended for them.
* Brute force attacks. An attacker guesses identity and/or credentials through the use of brute force.
* Dictionary attacks. An attacker guesses identity and/or credentials through the use of common terms in a dictionary designed for that purpose.
* Cookie replay attacks. An attacker gains access to an authenticated session through the reuse of a stolen cookie containing session information.
* Credential theft. An attacker gains access to credentials through data theft; for instance, phishing or social engineering.

Authorization
* Elevation of privilege. An attacker enters a system as a lower-level user, but is able to obtain higher-level access.
* Disclosure of confidential data. An attacker accesses confidential information because of authorization failure on a resource or operation.
* Data tampering. An attacker modifies sensitive data because of authorization failure on a resource or operation.
* Luring attacks. An attacker lures a higher-privileged user into taking an action on their behalf. This is not an authorization failure but rather a failure of the system to properly inform the user.
* Token stealing. An attacker steals the credentials or token of another user in order to gain authorization to resources or operations they would not otherwise be able to access.

Configuration Management
* Unauthorized access to configuration stores. An attacker gains access to configuration files and is able to modify binding settings, etc.
* Retrieval of clear text configuration secrets. An attacker gains access to configuration files and is able to retrieve sensitive information such as database connection strings.

Exception Management
* Information disclosure. Sensitive system or application details are revealed through exception information.
* Denial of service. An attacker uses error conditions to stop your service or place it in an unrecoverable error state.
* Elevation of privilege. Your service encounters an error and fails to an insecure state; for instance, failing to revert impersonation.

Impersonation/Delegation
* Elevation of privilege. An attacker is able to run in the context of a higher-privileged user.
* Disclosure of confidential information. An attacker gains access to data that should only be available to another user.

Message Encryption
* Failure to encrypt messages. An attacker is able to read message content off the network because it is not encrypted.
* Theft of encryption keys. An attacker is able to decrypt sensitive data because he or she has the keys.
* Man-in-the-middle attack. An attacker can read and then modify messages between the client and the service.

Message Replay Detection
* Session replay. An attacker steals messages off the network and replays them in order to steal a user's session.

Message Signing
* Data tampering. An attacker modifies the data in a message in order to attack the client or the service.

Message Validation
* Canonicalization attacks. Canonicalization attacks can occur anytime validation is performed on a different form of the input than that which is used for later processing. For instance, a validation check may be performed on an encoded string, which is later decoded and used as a file path or URL.
* Cross-site scripting. Cross-site scripting can occur if you fail to encode user input before echoing it back to a client that will render it as HTML.
* SQL injection. Failure to validate input can result in SQL injection if the input is used to construct a SQL statement, or if it will modify the construction of a SQL statement in some way.
* XPath injection. XPath injection can result if the input sent to the Web service is used to influence or construct an XPath statement. The input can also introduce unintended results if the XPath statement is used by the Web service as part of some larger operation, such as applying an XQuery or an XSLT transformation to an XML document.
* XML bomb. XML bomb attacks occur when specific, small XML messages are parsed by a service, resulting in data that feeds on itself and grows exponentially. An attacker sends an XML bomb with the intent of overwhelming a Web service's XML parser and causing a denial of service.

Sensitive Data
* Memory dumping. An attacker is able to read sensitive data out of memory or from local files.
* Network eavesdropping. An attacker sniffs unencrypted sensitive data off the network.
* Configuration file sniffing. An attacker steals sensitive information, such as connection strings, out of configuration files.

Session Management
* Session hijacking. An attacker steals the session ID of another user in order to gain access to resources or operations they would not otherwise be able to access.
* Session replay. An attacker steals messages off the network and replays them in order to steal a user's session.
* Man-in-the-middle attack. An attacker can read and then modify messages between the client and the service.
* Inability to log out successfully. An application leaves a communication channel open rather than completely closing the connection and destroying any server objects in memory relating to the session.
* Cross-site request forgery. Cross-site request forgery (CSRF) is where an attacker tricks a user into performing an action on a site where the user actually has a legitimate authorized account.
* Session fixation. An attacker uses CSRF to set another person's session identifier and thus hijack the session after the attacker tricks a user into initiating it.
* Load balancing and session affinity. When sessions are transferred from one server to balance traffic among the various servers, an attacker can hijack the session during the handoff.
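The canonicalization entry under Message Validation describes a check performed on an encoded string that is later decoded and used as a file path. The following added example (not code from the guidance project; the base directory `/srv/app/public` and the function names are constructed for illustration) places the naive check beside a hardened one that validates the decoded, normalized path. Decoding is repeated until the string stops changing so that a double-encoded traversal sequence is judged in the same form the file system would see.

```python
"""Canonicalization: validate the form of the input that will actually be used."""
import posixpath
from urllib.parse import unquote

# Constructed example root; any file served must resolve beneath it.
BASE_DIR = "/srv/app/public"


def naive_is_safe(raw_path: str) -> bool:
    """The pattern the text warns about: the check runs on the still-encoded input.

    A request for "%2e%2e/%2e%2e/etc/passwd" contains no literal ".." yet decodes
    to a traversal once the framework unescapes it.
    """
    return ".." not in raw_path and not raw_path.startswith("/")


def canonicalize(raw_path: str, max_rounds: int = 3) -> str:
    """Decode until stable, normalize separators and dot segments, then anchor to BASE_DIR."""
    decoded = raw_path
    for _ in range(max_rounds):
        step = unquote(decoded)
        if step == decoded:          # no further encoding layers
            break
        decoded = step
    else:
        # More encoding layers than any legitimate client would send.
        raise ValueError("too many encoding layers")
    decoded = decoded.replace("\\", "/")  # treat Windows separators like "/"
    # posixpath.join discards BASE_DIR if decoded is absolute, so an absolute
    # path still fails the containment test below rather than escaping silently.
    return posixpath.normpath(posixpath.join(BASE_DIR, decoded))


def hardened_is_safe(raw_path: str) -> bool:
    """Containment check on the canonical path, the same form later used to open the file."""
    try:
        full = canonicalize(raw_path)
    except ValueError:
        return False
    return full == BASE_DIR or full.startswith(BASE_DIR + "/")


if __name__ == "__main__":
    for sample in ["images/logo.png", "%2e%2e/%2e%2e/etc/passwd",
                   "%252e%252e/%252e%252e/etc/passwd", "/etc/passwd"]:
        print(f"{sample!r}: naive={naive_is_safe(sample)} hardened={hardened_is_safe(sample)}")
```

The design point is that `hardened_is_safe` never inspects the raw string for dangerous substrings; it computes the path the application would use and asks whether that path lies under the allowed root.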
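The Message Replay Detection and Message Signing rows describe two checks that a service applies to the same message: the signature proves the content was not altered in transit, and a freshness window plus a nonce cache rejects a captured message that is sent again. The added example below (not code from the guidance project) models both on one JSON envelope. The shared key, the 300-second skew window and the `ReplayGuard` class are constructed for illustration; a real deployment would take the key from a credential store and share the nonce cache across servers so that a replay to a different node is also caught.

```python
"""Signed envelope with timestamp and nonce, verified by a replay-aware receiver."""
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, Optional

SHARED_KEY = b"constructed-demo-key-not-for-production"  # constructed sample key
MAX_SKEW_SECONDS = 300  # constructed freshness window


def _canonical(envelope: dict) -> bytes:
    """Deterministic serialization so client and service sign identical bytes."""
    return json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode()


def sign_message(body: dict, key: bytes = SHARED_KEY, now: Optional[float] = None) -> dict:
    """Client side: attach timestamp and nonce, then sign the whole envelope."""
    envelope = {
        "body": body,
        "ts": int(time.time() if now is None else now),
        "nonce": secrets.token_hex(16),
    }
    envelope["sig"] = hmac.new(key, _canonical(envelope), hashlib.sha256).hexdigest()
    return envelope


class ReplayGuard:
    """Service side: signature check, freshness window, then nonce uniqueness."""

    def __init__(self, key: bytes = SHARED_KEY, max_skew: int = MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self._seen: Dict[str, int] = {}  # nonce -> time after which it can be forgotten

    def verify(self, msg: dict, now: Optional[float] = None) -> str:
        now = int(time.time() if now is None else now)

        # 1. Message signing: recompute the MAC over everything except "sig".
        unsigned = {k: v for k, v in msg.items() if k != "sig"}
        expected = hmac.new(self.key, _canonical(unsigned), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(msg.get("sig", ""))):
            return "rejected: bad signature"

        # 2. Freshness: a message outside the window is refused even if never seen,
        #    which bounds how long nonces must be remembered.
        if abs(now - msg["ts"]) > self.max_skew:
            return "rejected: stale timestamp"

        # 3. Replay detection: the same nonce inside the window is a replay.
        self._evict(now)
        if msg["nonce"] in self._seen:
            return "rejected: replay"
        self._seen[msg["nonce"]] = msg["ts"] + self.max_skew
        return "accepted"

    def _evict(self, now: int) -> None:
        for nonce in [n for n, expiry in self._seen.items() if expiry < now]:
            del self._seen[nonce]


if __name__ == "__main__":
    guard = ReplayGuard()
    msg = sign_message({"op": "transfer", "amount": 10}, now=1_000_000)
    print(guard.verify(msg, now=1_000_010))   # first delivery
    print(guard.verify(msg, now=1_000_020))   # captured and re-sent
```

Order matters: the signature is checked before any state is consulted, so an unauthenticated sender cannot fill the nonce cache, and the timestamp check precedes the nonce lookup so that the cache only has to hold nonces from the current window.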


Last edited May 24, 2010 at 11:22 PM by paulenfield, version 1
