- Risks from Logging
Category: Tampering
Description: Log readers can come under attack via log files. Consider ways to canonicalize data in all logs. Implement a single reader for the logs, if possible, in order to reduce attack surface area.
- Spoofing of Source Data Store SQL Database
Category: Spoofing
Description: Database Storage may be spoofed by an attacker and this may lead to incorrect data delivered to Backend System.
- Weak Access Control for a Resource
Category: Information Disclosure
Description: Improper data protection of Database Storage can allow an attacker to read information not intended for disclosure.
Category: Tampering
Description: Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways.
- Web Facing API Process Memory Tampered
Category: Tampering
Description: If Web Facing API is given access to memory, such as shared memory or pointers, or is given the ability to control what Backend System executes (for example, passing back a function pointer), then Web Facing API can tamper with Backend System.
Category: Tampering
Description: Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1.
- Weak Authentication Scheme
Category: Information Disclosure
Description: Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials and authentication downgrade.
- Elevation Using Impersonation
Category: Elevation Of Privilege
Description: Backend System may be able to impersonate the context of Web Facing API in order to gain additional privilege.
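The "Risks from Logging" item at the top of this list recommends canonicalizing log data and funnelling all reads through a single reader. The following Python is an added example, not part of the threat model report: every untrusted field is rendered as one printable line before it is written, and one parser is the only place escaping is undone. The logfmt-style record layout, the function names and the constructed attacker-controlled username are this example's own assumptions.

```python
import re

# C0 control characters and DEL. A raw newline lets an attacker forge a
# second log record; ESC (0x1b) starts terminal escape sequences that some
# log viewers interpret instead of displaying. Backslash and double quote
# are escaped too so that the quoting in the record stays unambiguous.
_ESCAPED = re.compile(r'[\x00-\x1f\x7f\\"]')
_VISIBLE = {"\n": "\\n", "\r": "\\r", "\t": "\\t", "\\": "\\\\", '"': '\\"'}
_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
_TOKEN = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="((?:[^"\\]|\\.)*)"')
_ESCAPE_SEQ = re.compile(r'\\(x[0-9a-f]{2}|[nrt\\"])')


def canonicalize_field(value: str) -> str:
    """Render an untrusted string as one printable, quotable line.

    Newline, CR, tab, backslash and double quote become visible escape
    tokens; any other control byte becomes \\xNN. The result can neither
    terminate the record early nor carry an escape sequence to the reader."""
    return _ESCAPED.sub(
        lambda m: _VISIBLE.get(m.group(0), "\\x%02x" % ord(m.group(0))), value)


def format_record(event: str, **fields: str) -> str:
    """Emit one logfmt-style record. Every value is canonicalized and quoted,
    so the newline that ends a record is only ever written by the logger."""
    fields = {"event": event, **fields}
    for key in fields:
        if not _KEY.fullmatch(key):  # keys come from code, never from input
            raise ValueError("bad field name: %r" % key)
    return " ".join('%s="%s"' % (k, canonicalize_field(str(v)))
                    for k, v in fields.items())


def _unescape(m: re.Match) -> str:
    tok = m.group(1)
    plain = {"n": "\n", "r": "\r", "t": "\t", "\\": "\\", '"': '"'}.get(tok)
    return plain if plain is not None else chr(int(tok[1:], 16))


def parse_record(line: str) -> dict:
    """The single reader: the only code path that undoes the escaping."""
    if "\n" in line or "\r" in line:
        raise ValueError("a record is exactly one line")
    tokens = list(_TOKEN.finditer(line))
    if " ".join(t.group(0) for t in tokens) != line.strip():
        raise ValueError("malformed record: %r" % line)
    return {t.group(1): _ESCAPE_SEQ.sub(_unescape, t.group(2)) for t in tokens}


# Constructed sample: a username that tries to forge a second record and to
# wipe the line on a terminal-based viewer (ESC [ 2K).
ATTACK_USER = 'bob\nevent="login" user="admin" result="ok"\x1b[2K'
```

Writing `format_record("login", user=ATTACK_USER, result="failed")` yields a single line with no raw newline or ESC byte, and `parse_record` recovers the original username exactly.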