Home > CAPEC List > CAPEC-278: Web Services Protocol Manipulation (Version 2.11)  

CAPEC-278: Web Services Protocol Manipulation

 
Web Services Protocol Manipulation
Definition in a New Window Definition in a New Window
Attack Pattern ID: 278
Abstraction: Meta
Status: Draft
Completeness: Hook
Presentation Filter:
+ Summary

An attacker manipulates functions and/or their values used by web-related protocols to cause a web application or service to react differently that intended, allowing the attacker to gain access to data or resources normally restricted or to cause the application or service to crash. This can either be performed through the manipulation of call parameters with unexpected values or by calling functions that should normally be restricted or limited.

+ Attack Prerequisites
  • The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can subvert functionality.

+ Resources Required

The attacker must be able to manipulate the targeted application or service.

+ Solutions and Mitigations

Design: Range, size and value and consistency verification for any arguments supplied to applications and services from external sources and devise appropriate error response.

Design: Ensure that function calls that should not be manipulated by a user are not accessible to them.

+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2014-06-23Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017