Web application security - the fast guide 1.1 | Page 63
Chapter 3 - Vulnerabilities and threat models
- The logon page, which is accessible to all Internet users. Logon is validated by using client-side and server-side validation controls, together with a common validation library.
- The amend customer details page, which is accessible to authenticated users only. Users are validated by using client-side and server-side validation controls, together with a common validation library. This page invokes functionality that can update customer details.
- The (GetCustomerDetails) stored procedure, which can be called only by the application's trusted service account. The upstream caller (trusted Web application business logic) performs data validation. The invoked functionality retrieves customer details.
- The catalog administration page.
d) Exit Points
Exit points are:
- The search page, which writes the client's search string and the corresponding results.
- The catalog page, which displays product details.
5) Threats
The following threats could affect the application:
- Brute force attacks occur against the dictionary store.
- Network eavesdropping occurs between the browser and Web server to capture client credentials.
- An attacker captures an authentication cookie to spoof identity.
- SQL injection occurs, enabling an attacker to exploit an input validation vulnerability to execute commands in the database and thereby access and/or modify data.
- Cross-site scripting occurs when an attacker succeeds in injecting script code.
- Cookie replay or capture occurs, allowing an attacker to spoof identity and access the application as another user.
- Information is disclosed and sensitive exception details are revealed to the client.
- An attacker manages to take control of the Web server, gain unauthorized access to the database, and run commands against the database.
- An attacker obtains the encryption keys used to encrypt sensitive data (including client credit card numbers) in the database.
- An attacker or client obtains unauthorized access to Web server resources and static files.
6) Vulnerabilities
The application vulnerabilities are:
- User password storage.
- Lack of password complexity enforcement.
- Lack of password retry logic.
- Missing or weak input validation at the server.
- Failure to validate cookie input.
- Failure to sanitize data read from a shared database.
- Failure to encode output leading to potential cross-site scripting issues.
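As an added illustration (not code from the guide), the following Python sketch shows server-side countermeasures for four of the vulnerabilities listed above for the logon page: salted PBKDF2 password storage, a password complexity policy, retry lockout, and HMAC validation of the authentication cookie. The in-memory user store, the policy values and the secret handling are assumptions for the example.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 200_000   # assumed policy values, not from the guide
MAX_FAILED_ATTEMPTS = 5
COOKIE_SECRET = os.urandom(32)  # assumed: in production, load from a key store

def password_is_complex(password):
    """Complexity policy: at least 12 chars with upper, lower, digit and symbol."""
    classes = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(password) >= 12 and all(re.search(c, password) for c in classes)

def hash_password(password):
    """Store a random salt plus a PBKDF2-HMAC-SHA256 hash, never the password itself."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def verify_password(password, salt, stored):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, stored)  # constant-time comparison

def cookie_tag(username):
    return hmac.new(COOKIE_SECRET, username.encode(), "sha256").hexdigest()

def validate_cookie(cookie):
    """Validate cookie input: return the user only if the HMAC tag verifies."""
    username, sep, tag = cookie.partition(":")
    ok = sep and hmac.compare_digest(tag.encode(), cookie_tag(username).encode())
    return username if ok else None

class LogonService:  # server-side logon with retry logic; user store is a constructed dict
    def __init__(self):
        self.users = {}   # username -> (salt, hash)
        self.failed = {}  # username -> consecutive failed attempts

    def register(self, username, password):
        if not password_is_complex(password):
            return False
        self.users[username] = hash_password(password)
        return True

    def logon(self, username, password):
        """Return a signed cookie on success; None on bad credentials or lockout."""
        if self.failed.get(username, 0) >= MAX_FAILED_ATTEMPTS:
            return None  # locked out: blunts online brute force against the password store
        record = self.users.get(username)
        if record is None or not verify_password(password, *record):
            self.failed[username] = self.failed.get(username, 0) + 1
            return None
        self.failed[username] = 0
        return f"{username}:{cookie_tag(username)}"
```

The lockout counter is keyed by username, so a real deployment would also throttle by source and expire the counter rather than lock accounts indefinitely.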