| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16812 | APP3600 | SV-17812r1_rule | DCSQ-1 | Medium |
| Description |
|---|
| Canonical representation issues arise when the name of a resource is used to control resource access. There are multiple methods of representing resource names on a computer system. An application relying solely on a resource name to control access may incorrectly make an access control decision if the name is specified in an unrecognized format. |
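The following is an added illustration of the description above; it is not part of the STIG text. It contrasts an access decision made on the literal resource name with one made on a canonical form. The root directory, function names and the sample requests are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed example: only files under this directory may be served.
ALLOWED_ROOT = "/srv/app/public"

def naive_is_allowed(requested: str) -> bool:
    """The weak pattern the finding describes: the decision is made on the
    literal resource name, so any alternate spelling of a path slips through."""
    return requested.startswith(ALLOWED_ROOT)

def canonical_path(requested: str) -> str:
    """Reduce a requested name to a single canonical absolute form.

    Percent-decoding is repeated (bounded) so double-encoded sequences such
    as %252e do not survive a single decode; '.' / '..' and repeated
    separators are then collapsed. On a live system you would additionally
    resolve symlinks with os.path.realpath; posixpath is used here so the
    example runs offline and identically on every platform.
    """
    decoded = requested
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    candidate = decoded if decoded.startswith("/") else posixpath.join(ALLOWED_ROOT, decoded)
    return posixpath.normpath(candidate)

def hardened_is_allowed(requested: str) -> bool:
    """Decide on the canonical form, and require a separator after the root
    so a sibling such as /srv/app/publicx is not mistaken for the root."""
    canon = canonical_path(requested)
    return canon == ALLOWED_ROOT or canon.startswith(ALLOWED_ROOT + "/")

if __name__ == "__main__":
    # Constructed requests: the same targets written in several representations.
    for req in [
        "/srv/app/public/index.html",
        "index.html",
        "/srv/app/public/../../../etc/passwd",
        "/srv/app/public/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
        "/srv/app/public/%252e%252e/secret",
        "/srv/app/publicx/notes.txt",
    ]:
        print(f"{req!r:50} naive={naive_is_allowed(req)!s:5} "
              f"hardened={hardened_is_allowed(req)!s:5} -> {canonical_path(req)}")
```

The naive check accepts every traversal and the sibling-directory request because each string begins with the allowed root; the canonical check rejects them all while still accepting the two legitimate spellings of index.html.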
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-12-22 |
| Check Text (C-17810r1_chk) |
|---|
| Ask the application representative for code review or scan results from the entire application. This can be provided as results from an automated code review or a vulnerability scanning tool. See section 5.4 of the Application Security and Development STIG for additional details. If the results are provided from a manual code review, the application representative will need to demonstrate how canonical representation vulnerabilities are identified during code reviews. 1) If the results are not provided, or the application representative cannot demonstrate how manual code reviews are performed to identify canonical representation vulnerabilities, this is a finding. Examples of canonical representation vulnerabilities can be obtained from the OWASP website. |
| Fix Text (F-17111r1_fix) |
|---|
| Protect against canonical representation attacks. |