ID: 14
CATEGORY: Tampering
DESCRIPTION:
If SERVIDOR DE BD is given access to memory, such as shared memory or pointers, or is given the
ability to control what Servidor executes (for example, passing back a function pointer), then
SERVIDOR DE BD can tamper with Servidor. Consider if the function could work with less access to
memory, such as passing data rather than pointers. Copy in data provided, and then validate it.
SHORT DESCRIPTION: Tampering is the act of altering the bits. Tampering with a process involves
changing bits in the running process. Similarly, Tampering with a data flow involves changing bits
on the wire or between two running processes.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 22
CATEGORY: Tampering
DESCRIPTION:
If Servidor is given access to memory, such as shared memory or pointers, or is given the ability to
control what SERVIDOR DE BD executes (for example, passing back a function pointer), then
Servidor can tamper with SERVIDOR DE BD. Consider if the function could work with less access to
memory, such as passing data rather than pointers. Copy in data provided, and then validate it.
SHORT DESCRIPTION: Tampering is the act of altering the bits. Tampering with a process involves
changing bits in the running process. Similarly, Tampering with a data flow involves changing bits
on the wire or between two running processes.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
STATE: Not Started
PRIORITY: High
ID: 30
CATEGORY: Tampering
DESCRIPTION:
SQL injection is an attack in which malicious code is inserted into strings that are later passed to an
instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements
should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically
valid queries that it receives. Even parameterized data can be manipulated by a skilled and
determined attacker.
SHORT DESCRIPTION: Tampering is the act of altering the bits. Tampering with a process involves
changing bits in the running process. Similarly, Tampering with a data flow involves changing bits
on the wire or between two running processes.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 29
CATEGORY: Spoofing
DESCRIPTION:
A may be spoofed by an attacker and this may lead to data being written to the attacker's target
instead of A. Consider using a standard authentication mechanism to identify the destination data
store.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 32
CATEGORY: Spoofing
DESCRIPTION:
A may be spoofed by an attacker and this may lead to incorrect data delivered to SERVIDOR DE BD.
Consider using a standard authentication mechanism to identify the source data store.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 41
CATEGORY: Spoofing
DESCRIPTION:
ADMINISTRADOR may be spoofed by an attacker and this may lead to data being sent to the
attacker's target instead of ADMINISTRADOR. Consider using a standard authentication
mechanism to identify the external entity.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 34
CATEGORY: Spoofing
DESCRIPTION:
ADMINISTRADOR may be spoofed by an attacker and this may lead to unauthorized access to
Servidor. Consider using a standard authentication mechanism to identify the external entity.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 11
CATEGORY: Spoofing
DESCRIPTION:
PAGINA WEB EN DISCO may be spoofed by an attacker and this may lead to incorrect data
delivered to Servidor. Consider using a standard authentication mechanism to identify the source
data store.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: PAGINAS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 13
CATEGORY: Spoofing
DESCRIPTION:
SERVIDOR DE BD may be spoofed by an attacker and this may lead to unauthorized access to
Servidor. Consider using a standard authentication mechanism to identify the source process.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 21
CATEGORY: Spoofing
DESCRIPTION:
Servidor may be spoofed by an attacker and this may lead to unauthorized access to SERVIDOR DE
BD. Consider using a standard authentication mechanism to identify the source process.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 1
CATEGORY: Spoofing
DESCRIPTION:
Usuario may be spoofed by an attacker and this may lead to data being sent to the attacker's
target instead of Usuario. Consider using a standard authentication mechanism to identify the
external entity.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 4
CATEGORY: Spoofing
DESCRIPTION:
Usuario may be spoofed by an attacker and this may lead to unauthorized access to Servidor.
Consider using a standard authentication mechanism to identify the external entity.
SHORT DESCRIPTION: Spoofing is when a process or entity is something other than its claimed
identity. Examples include substituting a process, a file, website or a network address.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 42
CATEGORY: Repudiation
DESCRIPTION:
ADMINISTRADOR claims that it did not receive data from a process on the other side of the trust
boundary. Consider using logging or auditing to record the source, time, and summary of the
received data.
SHORT DESCRIPTION: Repudiation threats involve an adversary denying that something happened.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 5
CATEGORY: Repudiation
DESCRIPTION:
Servidor claims that it did not receive data from a source outside the trust boundary. Consider
using logging or auditing to record the source, time, and summary of the received data.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 15
CATEGORY: Repudiation
DESCRIPTION:
Servidor claims that it did not receive data from a source outside the trust boundary. Consider
using logging or auditing to record the source, time, and summary of the received data.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 35
CATEGORY: Repudiation
DESCRIPTION:
Servidor claims that it did not receive data from a source outside the trust boundary. Consider
using logging or auditing to record the source, time, and summary of the received data.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 23
CATEGORY: Repudiation
DESCRIPTION:
SERVIDOR DE BD claims that it did not receive data from a source outside the trust boundary.
Consider using logging or auditing to record the source, time, and summary of the received data.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 2
CATEGORY: Repudiation
DESCRIPTION:
Usuario claims that it did not receive data from a process on the other side of the trust boundary.
Consider using logging or auditing to record the source, time, and summary of the received data.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 33
DESCRIPTION:
Improper data protection of A can allow an attacker to read information not intended for
disclosure. Review authorization settings.
SHORT DESCRIPTION: Information disclosure happens when the information can be read by an
unauthorized party.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 12
DESCRIPTION:
Improper data protection of PAGINA WEB EN DISCO can allow an attacker to read information not
intended for disclosure. Review authorization settings.
JUSTIFICATION:
<none provided>
INTERACTION: PAGINAS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 39
DESCRIPTION:
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 28
DESCRIPTION:
An attacker may pass data into SERVIDOR DE BD in order to change the flow of program execution
within SERVIDOR DE BD to the attacker's choosing.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 10
DESCRIPTION:
An attacker may pass data into Servidor in order to change the flow of program execution within
Servidor to the attacker's choosing.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 20
DESCRIPTION:
An attacker may pass data into Servidor in order to change the flow of program execution within
Servidor to the attacker's choosing.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 40
DESCRIPTION:
An attacker may pass data into Servidor in order to change the flow of program execution within
Servidor to the attacker's choosing.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 26
DESCRIPTION:
SERVIDOR DE BD may be able to impersonate the context of Servidor in order to gain additional
privilege.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: CONSULTA SQL
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 19
DESCRIPTION:
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 38
DESCRIPTION:
Servidor may be able to impersonate the context of ADMINISTRADOR in order to gain additional
privilege.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 18
DESCRIPTION:
Servidor may be able to impersonate the context of SERVIDOR DE BD in order to gain additional
privilege.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 8
DESCRIPTION:
Servidor may be able to impersonate the context of Usuario in order to gain additional privilege.
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 27
DESCRIPTION:
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 9
DESCRIPTION:
SHORT DESCRIPTION: A user subject gains increased capability or privilege by taking advantage of
an implementation bug.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 3
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 7
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 17
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 25
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 37
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 43
DESCRIPTION:
An external agent interrupts data flowing across a trust boundary in either direction.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: Response
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 31
DESCRIPTION:
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 6
DESCRIPTION:
Servidor crashes, halts, stops or runs slowly; in all cases violating an availability metric.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 16
DESCRIPTION:
Servidor crashes, halts, stops or runs slowly; in all cases violating an availability metric.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: DATOS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 36
DESCRIPTION:
Servidor crashes, halts, stops or runs slowly; in all cases violating an availability metric.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
INTERACTION: REQUESTS
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High
ID: 24
DESCRIPTION:
SERVIDOR DE BD crashes, halts, stops or runs slowly; in all cases violating an availability metric.
SHORT DESCRIPTION: Denial of Service happens when the process or a datastore is not able to
service incoming requests or perform up to spec.
JUSTIFICATION:
<none provided>
DIAGRAM: Diagram 1
CHANGED BY:
<none provided>
LAST MODIFIED:
Generated
PRIORITY: High