CAPEC-278 - Web Services Protocol Manipulation

An attacker manipulates functions and/or their values used by web-related protocols to cause a web application or service to react differently than intended, allowing the attacker to gain access to data or resources normally restricted or to cause the application or service to crash. This can either be performed through the manipulation of call parameters with unexpected values or by calling functions that should normally be restricted or limited.

Severity

Likelihood

Confidentiality

Integrity

Availability

The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can subvert functionality.

The attacker must be able to manipulate the targeted application or service.

Design: Verify the range, size, value and consistency of any arguments supplied to applications and services from external sources, and devise an appropriate error response.

Design: Ensure that function calls that should not be manipulated by a user are not accessible to them.
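
The two design mitigations above, combined in one request gate placed in front of a web service dispatcher. This is an added example, not part of the CAPEC entry; the operation names, roles, limits and error codes are hypothetical.

```python
# Added example: operations, roles and limits are hypothetical, not from CAPEC.
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Param:
    type_: type
    check: Callable[[Any], bool]   # range / size / value rule for one argument

# Operation allow-list: permitted roles, argument schema, cross-field rule.
OPERATIONS = {
    "getInvoice": {
        "roles": {"user", "admin"},
        "params": {"invoice_id": Param(int, lambda v: 1 <= v <= 10**9)},
        "consistent": lambda a: True,
    },
    "listInvoices": {
        "roles": {"user", "admin"},
        "params": {
            "offset": Param(int, lambda v: 0 <= v <= 100_000),
            "limit": Param(int, lambda v: 1 <= v <= 100),
            "status": Param(str, lambda v: v in {"open", "paid"}),
        },
        "consistent": lambda a: a["offset"] + a["limit"] <= 100_000,
    },
    "purgeInvoices": {   # administrative call, not reachable by ordinary users
        "roles": {"admin"},
        "params": {"before_year": Param(int, lambda v: 2000 <= v <= 2100)},
        "consistent": lambda a: True,
    },
}

def validate_call(role: str, operation: str, args: dict) -> tuple[bool, str]:
    """Return (allowed, code); codes stay generic so errors leak no detail."""
    spec = OPERATIONS.get(operation)
    # Unknown and unauthorized operations get the same answer, so the
    # response does not reveal which restricted functions exist.
    if spec is None or role not in spec["roles"]:
        return False, "operation_not_available"
    if not isinstance(args, dict) or set(args) != set(spec["params"]):
        return False, "invalid_arguments"   # missing or unexpected parameter
    for name, rule in spec["params"].items():
        value = args[name]
        # Exact type match: also rejects bool where an int is expected.
        if type(value) is not rule.type_ or not rule.check(value):
            return False, "invalid_arguments"
    if not spec["consistent"](args):
        return False, "invalid_arguments"
    return True, "ok"
```

The dispatcher would invoke the real handler only when `validate_call` returns `(True, "ok")`, and log the rejected operation name and role server-side rather than returning them to the caller.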