What interactions can you face while using the database?

The descriptions of the following threats contain snippets from MSDN Threats and Countermeasures descriptions.

• Data Flow HTTPS Is Potentially Interrupted

Category:        Denial Of Service

Description:     An external agent interrupts data flowing across a trust boundary in either direction. Can potentially disrupt traffic for all users querying the API.

• External Entity Human User Potentially Denies Receiving Data

Category:        Repudiation

Description:     Human User claims that it did not receive data from a process on the other side of the trust boundary.

• Spoofing of the Human User External Destination Entity

Category:        Spoofing

Description:     Human User may be spoofed by an attacker and this may lead to data being sent to the attacker’s target instead of Human User.

• Native Application Process Memory Tampered

Category:        Tampering

Description:     If Backend System is given access to memory, such as shared memory or pointers, or is given the ability to control what Web Facing API executes (for example, passing back a function pointer), then Backend System can tamper with Web Facing API.

• Replay Attacks

Category:        Tampering

Description:     Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways.

• Collision Attacks

Category:        Tampering

Description:     Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1.

• Elevation Using Impersonation

Category:        Elevation Of Privilege

Description:     Web Facing API may be able to impersonate the context of Backend System in order to gain additional privilege.