The Scientific World Journal / 2014 / Article / Alg 4

Research Article

Automating Risk Analysis of Software Design Models

Listing 4

VOMS Admin mitigation planning.
(1) (4.1) To refine results please answer a set of polar questions to refine identification in the DFDs:
(2) *Are you Checking the Refer Header in the requests of all HTML form actions to determine if it originates from
  a trusted domain? [y/n] n
(3) *Are you Synchronizing a Secret token pattern in all HTML form requests? [y/n] n
(4)
(5) (4.2) Pushed security by default, refining to give the desired usability
(6) Answer [y/n] if it is OK to perform the following actions:
(7) *Is it OK to Synchronizing a Secret token pattern in all HTML form requests? [y/n] y
(8)
(9) *Is it OK to Allow only alphanumeric characters in all fields of this payload? [y/n] n
(10)
(11) Computing best options…
(12)
(13) *Is it OK to HTML Encode all user supplied data before displaying it back to the web interface? [y/n] y
(14)
(15)
(16) FINAL COUNTERMEASURES COMPUTED
(17) (1) Checking Refer Header in the requests of all HTML form actions to determine if it comes from a trusted domain
(18) (2) HTML Encode all user supplied data before displaying it back to the web interface
(19)
(20) # Reports available in out/report_design.pdf, out/report_implementation.pdf and out/report_verification.pdf

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.