Name
|
Schema Poisoning
|
Summary
|
An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary changes how the application handles or interprets a resource, which can lead to denial of service, to the application entering an unexpected state, or to incomplete data being accepted and recorded.
|
Prerequisites
|
Some level of access to modify the target schema.
The schema used by the target application must be improperly secured against unauthorized modification and manipulation.
|
Solutions
|
Design: Protect the schema against unauthorized modification.
Implementation: For applications that use a known schema, use a local copy or a known good repository instead of the schema reference supplied in the schema document.
Implementation: For applications that leverage remote schemas, use the HTTPS protocol to prevent modification of traffic in transit. Note that HTTPS only protects the schema on the wire; it does not help if the host serving the schema is itself compromised or writable by the adversary, so the schema's identity and content should still be pinned.
|
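The following is an added example, not part of the CAPEC entry above, showing the second solution in working code. A JSON document carries its own `$schema` pointer; the unsafe resolver follows that pointer and so validates the document against whatever the adversary serves, while the hardened resolver treats `$schema` only as a lookup key into a local known-good repository and verifies the local copy against a pinned SHA-256 digest. The schema identifier, the audit-record schema, the poisoned variant, and the tiny JSON-Schema-subset validator are all constructed for this illustration and are not from the page.

```python
"""Schema poisoning: unsafe resolution of a document-supplied schema pointer
versus resolution from a pinned local copy (added example, constructed data)."""
import hashlib
import json

# Hypothetical schema identifier and known-good schema for an audit record.
SCHEMA_ID = "https://schemas.example.invalid/audit-record.json"
TRUSTED_SCHEMA = {
    "$id": SCHEMA_ID,
    "type": "object",
    "required": ["user", "action", "role"],
    "properties": {
        "user": {"type": "string"},
        "action": {"type": "string"},
        "role": {"type": "string"},
    },
    "additionalProperties": False,
}

# Local known-good repository: the hardened path reads schemas only from here.
LOCAL_REPOSITORY = {SCHEMA_ID: json.dumps(TRUSTED_SCHEMA, sort_keys=True)}
# Digest recorded when the copy was vetted; catches modification of the local copy too.
PINNED_SHA256 = {
    SCHEMA_ID: hashlib.sha256(LOCAL_REPOSITORY[SCHEMA_ID].encode()).hexdigest()
}

# What an adversary who controls the referenced location would serve: "role" is no
# longer required and extra fields are allowed, so incomplete records validate.
POISONED_SCHEMA = {
    "$id": SCHEMA_ID,
    "type": "object",
    "required": ["user", "action"],
    "properties": {"user": {"type": "string"}, "action": {"type": "string"}},
}

_TYPES = {"object": dict, "string": str, "integer": int, "boolean": bool, "array": list}


def validate(instance, schema):
    """Validate against a small JSON-Schema-like subset (type, required, properties,
    additionalProperties). Returns a list of error strings; empty means valid."""
    expected = schema.get("type")
    if expected and not isinstance(instance, _TYPES[expected]):
        return [f"expected {expected}, got {type(instance).__name__}"]
    errors = []
    if isinstance(instance, dict):
        for name in schema.get("required", []):
            if name not in instance:
                errors.append(f"missing required field {name!r}")
        props = schema.get("properties", {})
        for name, value in instance.items():
            if name in props:
                errors.extend(f"{name}: {e}" for e in validate(value, props[name]))
            elif schema.get("additionalProperties", True) is False:
                errors.append(f"unexpected field {name!r}")
    return errors


def resolve_schema_unsafe(document, fetch):
    """Follows the document's own $schema pointer: whoever controls that location
    (DNS, an http:// MITM, a writable schema host) decides how the document is read."""
    return json.loads(fetch(document["$schema"]))


def resolve_schema_pinned(document, repository=LOCAL_REPOSITORY, pins=PINNED_SHA256):
    """Uses $schema only as a key into the local repository. Bytes from the document's
    URL are never used, unknown identifiers fail closed, and the local copy must
    match its pinned digest."""
    schema_id = document.get("$schema")
    if schema_id not in repository or schema_id not in pins:
        raise ValueError(f"unknown schema {schema_id!r}")
    text = repository[schema_id]
    if hashlib.sha256(text.encode()).hexdigest() != pins[schema_id]:
        raise ValueError(f"schema {schema_id!r} does not match its pinned digest")
    return json.loads(text)


def demo():
    """Validate a record that is missing 'role' both ways; returns (unsafe, pinned) errors."""
    record = {"$schema": SCHEMA_ID, "user": "alice", "action": "login"}  # constructed
    payload = {k: v for k, v in record.items() if k != "$schema"}

    def poisoned_fetch(url):  # stands in for a network fetch the adversary controls
        return json.dumps(POISONED_SCHEMA)

    unsafe_errors = validate(payload, resolve_schema_unsafe(record, poisoned_fetch))
    pinned_errors = validate(payload, resolve_schema_pinned(record))
    return unsafe_errors, pinned_errors


if __name__ == "__main__":
    unsafe, pinned = demo()
    print("unsafe resolver:", unsafe or "record accepted (incomplete data recorded)")
    print("pinned resolver:", pinned)
```

The pinned digest is the check that covers both halves of the solution: it makes the local copy the authority regardless of what `$schema` says, and it also detects tampering with the local copy itself, which HTTPS on the original fetch would never catch.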