CWE-807 Details

The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Einführungsmodi

Architecture and Design : COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic.
Implementation

Anwendbare Plattformen

Sprache

Class: Not Language-Specific (Undetermined)

Technologien

Class: Not Technology-Specific (Undetermined)
Class: Web Based (Undetermined)
Name: Web Server (Undetermined)

Häufige Konsequenzen

Beobachtete Beispiele

Mögliche Gegenmaßnahmen

Phases : Architecture and Design
Phases : Architecture and Design
Phases : Architecture and Design
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phases : Operation // Implementation
When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.
Phases : Architecture and Design // Implementation

Erkennungsmethoden

Manual Static Analysis

Since this weakness does not typically appear frequently within a single software package, manual white box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially-vulnerable operations can be assessed within limited time constraints.
Wirksamkeit : High

Automated Static Analysis - Binary or Bytecode

Wirksamkeit : SOAR Partial

Manual Static Analysis - Binary or Bytecode

Wirksamkeit : SOAR Partial

Dynamic Analysis with Automated Results Interpretation

Wirksamkeit : SOAR Partial

Dynamic Analysis with Manual Results Interpretation

Wirksamkeit : SOAR Partial

Manual Static Analysis - Source Code

Wirksamkeit : High

Automated Static Analysis - Source Code

Wirksamkeit : SOAR Partial

Architecture or Design Review

Wirksamkeit : High

Hinweise zur Schwachstellen-Zuordnung

Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Referenzen

REF-754

Top 25 Series - Rank 6 - Reliance on Untrusted Inputs in a Security Decision
Frank Kim.
https://www.sans.org/blog/top-25-series-rank-6-reliance-on-untrusted-inputs-in-a-security-decision/

REF-529

HMAC
https://en.wikipedia.org/wiki/HMAC

REF-756

Understanding ASP.NET View State
Scott Mitchell.
https://learn.microsoft.com/en-us/previous-versions/dotnet/articles/ms972976(v=msdn.10)?redirectedfrom=MSDN

REF-45

OWASP Enterprise Security API (ESAPI) Project
OWASP.
https://owasp.org/www-project-enterprise-security-api/

REF-1479

State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation
Gregory Larsen, E. Kenneth Hong Fong, David A. Wheeler, Rama S. Moorthy.
https://www.ida.org/-/media/feature/publications/s/st/stateoftheart-resources-soar-for-software-vulnerability-detection-test-and-evaluation/p-5061.ashx

Einreichung

Änderungen