Sunday, March 22, 2020
Toys-R-Us Threat Vulnerability Spreadsheet

Created:

Threat Summary Diagram: Diagram 1

Threats:

The list below contains the top 8 findings, weaknesses, or vulnerabilities discovered during the threat modeling and during the threat vulnerability security assessment. Some of the issues listed here are merged from more than one section of the assessment report findings.

Interaction: Generic Data Flow

1. Elevation Using Impersonation / Priority: High
Category: Abuse
Description: Customer credit card information stolen
Justification: Identity thieves get most of the stolen data at this process

Interaction: HTTPS

2. Elevation Using Impersonation / Priority: High
Category: Elevation of Privilege
Description: Assets may be able to impersonate the context of Web Purchases External Interactor in order to gain additional privilege.
Explanation: None Provided

3. Spoofing the Web Purchases External Interactor External Entity / Priority: High
Category: Spoofing
Description: Toys R-Us Web Purchases External Interactor may be spoofed by an attacker and this may lead to unauthorized access to Toys R-Us Network Assets. Consider using a standard authentication mechanism to identify the external entity.
Explanation: None Provided

Interaction: Named Pipe

4. Weak Authentication Scheme / Priority: High
Category: Information Disclosure
Description: Custom authentication schemes are susceptible to common weaknesses such as weak credential change management, credential equivalence, easily guessable credentials, null credentials, downgrade authentication or a weak credential change management system. Consider the impact and potential mitigations for your custom authentication scheme.
Explanation: None Provided

5. Elevation Using Impersonation / Priority: High
Category: Elevation of Privilege
Description: Assets may be able to impersonate the context of Activity in order to gain additional privilege.
Explanation: Users/employees may access customer credit card or personal data

Interaction: Named Pipe

6. Spoofing of Destination Data Store Generic Data Store / Priority: High
Category: Spoofing
Description: Customer Product Data Store may be spoofed by an attacker and this may lead to data being written to the attacker's target instead of Customer Product Data Store. Consider using a standard authentication mechanism to identify the destination data store.
Explanation: Possible stolen or lost customer and company data leading to loss of capital

7. Potential Excessive Resource Consumption for Assets or Data Store / Priority: High
Category: Denial of Service
Description: Does Assets or Customer Product Data Store take explicit steps to control resource consumption? Resource consumption attacks can be hard to deal with, and there are times that it makes sense to let the OS do the job. Be careful that your resource requests don't deadlock, and that they do time out.
Explanation: None Provided

Interaction: Named Pipe

8. Elevation Using Impersonation / Priority: High
Category: Elevation of Privilege
Description: Activity may be able to impersonate the context of Assets in order to gain additional privilege.
Explanation: Users/employees may access customer credit card or personal data