11.07.2015

Improving Web Application Security: Threats and - CGISecurity


Chapter 2: Threats and Countermeasures, page 17

● Repudiation. Repudiation is the ability of users (legitimate or otherwise) to deny that they performed specific actions or transactions. Without adequate auditing, repudiation attacks are difficult to prove.

● Information disclosure. Information disclosure is the unwanted exposure of private data. For example, a user views the contents of a table or file he or she is not authorized to open, or monitors data passed in plaintext over a network. Some examples of information disclosure vulnerabilities include the use of hidden form fields, comments embedded in Web pages that contain database connection strings and connection details, and weak exception handling that can lead to internal system level details being revealed to the client. Any of this information can be very useful to the attacker.

● Denial of service. Denial of service is the process of making a system or application unavailable. For example, a denial of service attack might be accomplished by bombarding a server with requests to consume all available system resources or by passing it malformed input data that can crash an application process.

● Elevation of privilege. Elevation of privilege occurs when a user with limited privileges assumes the identity of a privileged user to gain privileged access to an application. For example, an attacker with limited privileges might elevate his or her privilege level to compromise and take control of a highly privileged and trusted process or account.

STRIDE Threats and Countermeasures

Each threat category described by STRIDE has a corresponding set of countermeasure techniques that should be used to reduce risk. These are summarized in Table 2.1. The appropriate countermeasure depends upon the specific attack. More threats, attacks, and countermeasures that apply at the network, host, and application levels are presented later in this chapter.

Table 2.1 STRIDE Threats and Countermeasures

Threat                    Countermeasures
Spoofing user identity    Use strong authentication.
                          Do not store secrets (for example, passwords) in plaintext.
                          Do not pass credentials in plaintext over the wire.
                          Protect authentication cookies with Secure Sockets Layer (SSL).
Tampering with data       Use data hashing and signing.
                          Use digital signatures.
                          Use strong authorization.
                          Use tamper-resistant protocols across communication links.
                          Secure communication links with protocols that provide message integrity.
(continued)
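As an added example (not from the book), here is the "use data hashing and signing" countermeasure from the tampering row of Table 2.1 applied to the hidden form fields mentioned under information disclosure: the server attaches an HMAC tag to a value before sending it to the client and rejects any returned value whose tag no longer matches. The key name, the "value.tag" field format and the sample value are assumptions made for this example.

```python
import base64
import binascii
import hashlib
import hmac

# Hypothetical server-side key for this example. In a real deployment it comes from a
# secret store, never from page source or a hidden field (that would be information
# disclosure, the very class of flaw the chapter describes).
SERVER_KEY = b"constructed-demo-key-do-not-use"


def sign_field(value: str, key: bytes = SERVER_KEY) -> str:
    """Return '<value>.<urlsafe-base64 HMAC-SHA256 tag>' for use in a hidden field.

    The client can read the value, but cannot change it without invalidating the tag,
    because the tag depends on a key the client never sees.
    """
    tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    return f"{value}.{base64.urlsafe_b64encode(tag).decode('ascii')}"


def verify_field(signed: str, key: bytes = SERVER_KEY):
    """Return the original value if the tag verifies, otherwise None.

    rpartition splits on the last '.', so values containing dots still round-trip
    (the base64 alphabet contains no '.'). hmac.compare_digest is used so that the
    comparison does not leak the tag byte by byte through timing differences.
    """
    value, sep, tag_b64 = signed.rpartition(".")
    if not sep:
        return None  # no tag present at all: treat as tampered
    try:
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except (ValueError, binascii.Error):
        return None  # malformed tag
    expected = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return value


def demo():
    """Sign a constructed order value, then show a client-side edit is detected."""
    signed = sign_field("item=42;price=100")
    tampered = signed.replace("price=100", "price=1")  # constructed tampering attempt
    return verify_field(signed), verify_field(tampered)
```

On a real form the server re-derives authorization-sensitive values (prices, account IDs) from its own data instead of trusting the client copy; signing is the check for the cases where a round trip through the client cannot be avoided.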
