Research Article
Automating Risk Analysis of Software Design Models
Listing 4
VOMS Admin mitigation planning.
| (1) (4.1) To refine results please answer a set of polar questions to refine identification in the DFDs: | | (2) *Are you Checking the Refer Header in the requests of all HTML form actions to determine if it originates from | | a trusted domain? [y/n] n | | (3) *Are you Synchronizing a Secret token pattern in all HTML form requests? [y/n] n | | (4) | | (5) (4.2) Pushed security by default, refining to give the desired usability | | (6) Answer [y/n] if it is OK to perform the following actions: | | (7) *Is it OK to Synchronizing a Secret token pattern in all HTML form requests? [y/n] y | | (8) | | (9) *Is it OK to Allow only alphanumeric characters in all fields of this payload? [y/n] n | | (10) | | (11) Computing best options… | | (12) | | (13) *Is it OK to HTML Encode all user supplied data before displaying it back to the web interface? [y/n] y | | (14) | | (15) | | (16) FINAL COUNTERMEASURES COMPUTED | | (17) (1) Checking Refer Header in the requests of all HTML form actions to determine if it comes from a trusted domain | | (18) (2) HTML Encode all user supplied data before displaying it back to the web interface | | (19) | | (20) # Reports available in out/report_design.pdf, out/report_implementation.pdf and out/report_verification.pdf |
|
