Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-6150 | APP3060 | SV-6150r1_rule | DCPA-1 | Medium |
Description |
---|
Application code and data require two very different security requirements, authentication and authorization (especially in file access). Without proper authentication and authorization there is the potential for existing code to be changed. These changes in code can lead to a Denial of Service (DoS) attack or allow malicious code to be placed within the application. In addition, collocating application data and code complicates many issues such as backup, recovery, directory access privilege, and upgrades. |
STIG | Date |
---|---|
Application Security and Development STIG | 2014-04-03 |
Check Text ( C-3055r1_chk ) |
---|
Ask the application representative or examine the application documentation to determine the location of the application code and data. Examine the directory where the application code is located. 1) If the application data is located in the same directory as the code, this is a finding. |
Fix Text (F-16988r1_fix) |
---|
Separate the application data into a different directory than the application code. |