UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The designer will ensure web services are designed and implemented to recognize and react to the attack patterns associated with application-level DoS attacks.


Overview

Finding ID Version Rule ID IA Controls Severity
V-19689 APP3760 SV-21830r1_rule DCSQ-1 Medium
Description
Because of potential denial of service, web services should be designed to recognize potential attack patterns.
STIG Date
Application Security and Development Checklist 2014-12-22

Details

Check Text ( C-24086r1_chk )
Ask the application representative for design documentation, review the design documentation and ensure the application employs methods for XML schema validation and disables use of inline XML Document Type Definition (DTD) schemas in XML parsing objects. Managing DTD parsing behavior is a key to preventing the invocation of XML bombs. DTD parsing is controlled within the .Net application framework in .NET applications.

1) If the design document does not exist or address the specified web service, it is a finding.

2) If the Application does not employ any method of schema validation, it is a finding.

3) If the Application does not disable the use of inline XML Document Type Definition (DTD) schemas it is a finding.
Fix Text (F-23043r1_fix)
Design Web services to recognize attacks.