What interactions can you face while using the database?
The descriptions of the following threats contain snippets from MSDN Threats and Countermeasures descriptions.
- Data Flow HTTPS Is Potentially Interrupted
Category: Denial Of Service
Description: An external agent interrupts data flowing across a trust boundary in either direction. This can potentially disrupt traffic for all users querying the API.
- External Entity Human User Potentially Denies Receiving Data
Description: Human User claims that it did not receive data from a process on the other side of the trust boundary.
- Spoofing of the Human User External Destination Entity
Description: Human User may be spoofed by an attacker and this may lead to data being sent to the attacker’s target instead of Human User.
- Native Application Process Memory Tampered
Description: If Backend System is given access to memory, such as shared memory or pointers, or is given the ability to control what Web Facing API executes (for example, passing back a function pointer), then Backend System can tamper with Web Facing API.
- Replay Attacks
Description: Packets or messages without sequence numbers or timestamps can be captured and replayed in a wide variety of ways.
- Collision Attacks
Description: Attackers who can send a series of packets or messages may be able to overlap data. For example, packet 1 may be 100 bytes starting at offset 0. Packet 2 may be 100 bytes starting at offset 25. Packet 2 will overwrite 75 bytes of packet 1.
- Elevation Using Impersonation
Category: Elevation Of Privilege
Description: Web Facing API may be able to impersonate the context of Backend System in order to gain additional privilege.
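
The Replay Attacks entry above, as an added example that is not part of the original threat list or of the MSDN text: a receiver accepts a message only if its MAC verifies, its timestamp is fresh, and its sequence number is higher than the last one accepted from that sender. The names `sign` and `ReplayGuard`, the shared-key HMAC, the JSON message layout and the 30-second window are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window, tune to real clock drift


def _mac(key: bytes, fields: dict) -> bytes:
    # Canonical JSON so sender and receiver MAC identical bytes.
    payload = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()


def sign(key: bytes, sender: str, seq: int, ts: int, body: str) -> dict:
    """Build a message whose sequence number and timestamp are covered by the MAC."""
    msg = {"sender": sender, "seq": seq, "ts": ts, "body": body}
    msg["mac"] = _mac(key, msg).decode()
    return msg


class ReplayGuard:
    """Hypothetical receiver-side check: authentic, fresh, strictly increasing."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # sender -> highest sequence number accepted

    def accept(self, msg: dict, now: int) -> str:
        fields = {k: v for k, v in msg.items() if k != "mac"}
        supplied = str(msg.get("mac", "")).encode()
        if not hmac.compare_digest(_mac(self.key, fields), supplied):
            return "reject: bad mac"
        seq, ts = fields.get("seq"), fields.get("ts")
        if not isinstance(seq, int) or not isinstance(ts, int):
            return "reject: malformed"
        if abs(now - ts) > MAX_SKEW_SECONDS:
            return "reject: stale timestamp"
        if seq <= self.last_seq.get(fields.get("sender"), -1):
            return "reject: replayed sequence number"
        self.last_seq[fields.get("sender")] = seq
        return "accept"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    guard = ReplayGuard(key)
    first = sign(key, "web-api", 1, 1000, "GET /orders/7")
    print(guard.accept(first, 1001))  # original delivery
    print(guard.accept(first, 1005))  # captured copy sent again
```

Because the sequence number and timestamp sit inside the MAC, a captured message cannot be made to look fresh by editing either field without the key.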