Research Article
Automating Risk Analysis of Software Design Models
Listing 4
VOMS Admin mitigation planning.
(4.1) To refine results, please answer a set of polar questions to refine identification in the DFDs:
*Are you checking the Referer header in the requests of all HTML form actions to determine if it originates from a trusted domain? [y/n] n
*Are you using the Synchronizer Token pattern in all HTML form requests? [y/n] n

(4.2) Pushed security by default, refining to give the desired usability
Answer [y/n] if it is OK to perform the following actions:
*Is it OK to use the Synchronizer Token pattern in all HTML form requests? [y/n] y

*Is it OK to allow only alphanumeric characters in all fields of this payload? [y/n] n

Computing best options…

*Is it OK to HTML-encode all user-supplied data before displaying it back to the web interface? [y/n] y

FINAL COUNTERMEASURES COMPUTED
(1) Check the Referer header in the requests of all HTML form actions to determine if it comes from a trusted domain
(2) HTML-encode all user-supplied data before displaying it back to the web interface

# Reports available in out/report_design.pdf, out/report_implementation.pdf and out/report_verification.pdf
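The countermeasures that Listing 4 offers (Referer check and Synchronizer Token pattern against CSRF; output encoding, or the stricter alphanumeric whitelist, against injection into the web interface) are standard controls. The Python below is an illustration added here; it is not code from VOMS Admin or from the analysis tool that produced the listing. The trusted hostname voms.example.org, the header, session and form dictionaries, the request paths and every function name are assumptions made for the example.

```python
import hmac
import html
import re
import secrets
from urllib.parse import urlsplit

# Assumed trusted deployment host for the example (hypothetical; the listing
# names no hostnames).
TRUSTED_DOMAINS = {"voms.example.org"}


def issue_csrf_token(session: dict) -> str:
    """Synchronizer Token pattern, issuing side: mint an unguessable per-session
    secret, keep it server-side and return it for embedding in every form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def referer_is_trusted(headers: dict, trusted: set = TRUSTED_DOMAINS) -> bool:
    """Countermeasure (1) of Listing 4: accept a form action only when the Origin
    or Referer header names a trusted domain. Fail closed: browsers and proxies
    may strip Referer, and an absent header must not count as trusted."""
    ref = headers.get("Origin") or headers.get("Referer")
    if not ref:
        return False
    host = urlsplit(ref).hostname
    # Exact hostname match; a substring test would accept voms.example.org.attacker.net
    return host is not None and host.lower() in trusted


def csrf_token_is_valid(session: dict, form: dict) -> bool:
    """Synchronizer Token pattern, verifying side: the token posted with the form
    must equal the one held in the session; compare in constant time."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def accept_form_post(headers: dict, session: dict, form: dict) -> bool:
    """Gate for state-changing requests: both CSRF checks from the listing must pass."""
    return referer_is_trusted(headers) and csrf_token_is_valid(session, form)


def payload_is_alphanumeric(form: dict) -> bool:
    """The stricter option declined in step (4.2): whitelist [A-Za-z0-9] in every
    field. It stops markup injection outright but also rejects e-mail addresses
    and certificate DNs, which is the usability cost the listing avoids."""
    return all(re.fullmatch(r"[A-Za-z0-9]*", v) is not None for v in form.values())


def render_user_field(value: str) -> str:
    """Countermeasure (2) of Listing 4: HTML-encode user-supplied data before
    echoing it, so a stored payload renders as text rather than markup."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample exchange (not captured traffic): a legitimate post and a
    # cross-site forgery replaying the same session.
    session = {}
    token = issue_csrf_token(session)
    good = {"Referer": "https://voms.example.org/admin/users"}
    forged = {"Referer": "https://attacker.example.net/lure.html"}
    print(accept_form_post(good, session, {"csrf_token": token}))    # True
    print(accept_form_post(forged, session, {"csrf_token": token}))  # False
    print(render_user_field("<script>alert(1)</script>"))
```

The Referer check alone is weaker than the token: a deployment that sends `Referrer-Policy: no-referrer` or sits behind a stripping proxy would reject every legitimate post, and the check provides no defence if a trusted origin hosts an injection flaw; in practice the token is the primary control and the header check a cheap second layer.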