![]() In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. Asking for help, clarification, or responding to other answers. This table shows the weaknesses and high level categories that are related to this weakness. Thanks for contributing an answer to Stack Overflow Please be sure to answer the question.Provide details and share your research But avoid. ![]() Improper Restriction of Communication Channel to Intended Endpoints Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. ![]() More specific than a Pillar Weakness, but more general than a Base Weakness. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.Ĭlass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. That is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. In many cases, the attack can be launched without the victim even being aware of it. The attacker could send malicious requests to a web site on behalf of the victim, which could be especially dangerous to the site if the victim has administrator privileges to manage that site. The attacker could transfer private information, such as cookies that may include session information, from the victim's machine to the attacker. Once the user has executed a malicious Flash or Silverlight application, they are vulnerable to a variety of attacks. Therefore, if a cross-domain policy file includes domains that should not be trusted, such as when using wildcards, then the application could be attacked by these untrusted domains.Īn overly permissive policy file allows many of the same attacks seen in Cross-Site Scripting ( CWE-79). If it is found, and the domain hosting the application is explicitly allowed to make requests, the request is made. When making a cross-domain request, the Flash or Silverlight client will first look for the policy file on the target server. A cross-domain policy file ("crossdomain.xml" in Flash and "clientaccesspolicy.xml" in Silverlight) defines a list of domains from which a server is allowed to make cross-domain requests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |