VESARiA Network Security Specialists
 

Web Application Security

   

VESARiA Web Application Security Model

    The VESARiA Web Application Security Model, the result of intensive research by VESARiA into web application vulnerabilities and weaknesses, pinpoints how web applications are exploited and shows how secure web apps defend themselves.  While the details of the model are proprietary, its top-level breakdown is presented here.
  • Access Control
    • Access Control Mechanism & Implementation
    • Minimal Unauthenticated Access
    • Authentication Mechanism
    • Brute Force
    • Authentication Token (Prediction & Fixation)
  • Transport
    • Cryptography & Randomness
    • Confidentiality
    • Authenticity: Modification, Insertion, and Deletion
  • Information Leakage
    • Willful Leakage
    • Error Messages
    • Timing & Delays
    • Data Leakage
    • HTTP Headers
    • HTML Source: Comments, Scripts, Forms & URLs
  • Manipulation
    • Trust
    • Input Validation
    • Session & State
    • Low Level Manipulation
      • Memory Overwrites
      • Race Conditions
    • High Level Manipulation
      • File Names
      • Parse Manipulations
      • Insertion: SQL, Shell & Other
    • Access Rights & Business Rules
    • Manipulation of Users
      • Output Manipulation (Cross Site Scripting)
      • Input Manipulation: URLs, Cookies, & Request
  • Administration
    • Least Privilege
  • External Components
    • Network Infrastructure: DNS, Routers & Firewalls
    • Host Machines & Software
    • Client PCs & LANs
    • User Knowledge & Awareness
  • Robustness
    • Redundancy & Fault Tolerance
    • Least Privilege & Privilege Separation
    • Least Trust
    • Logging & Monitoring
    • Attack Detection & Intrusion Detection
    • Update Capability
  • Denial of Service
    • Resource Exhaustion
    • Limit Exhaustion
    • Protocol Violation

 

©2002 VESARiA Network Security Specialists.  This document may be reproduced, in whole or in part, provided that it is not modified and that proper credit is given.  In addition, if it is made accessible via hypertext, a hyperlink to VESARiA Network Security Specialists (http://www.vesaria.com) must be included.

Vesaria, LLC

 
© 2000 - 2017 Vesaria Network Security Specialists        