The designer will ensure application initialization, shutdown, and aborts are designed to keep the application in a secure state.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-6167	APP3140	SV-6167r1_rule	DCSS-2	Medium

Description
An application could be compromised, providing an attack vector into the enclave if application initialization, shutdown, and aborts are not designed to keep the application in a secure state. If an application fails without closing or shutting down processes or open sessions; authentication and validation mechanisms are in doubt. Responsible application development practices must be applied to ensure the failed application is handled gracefully to prevent creation of security risks.

Description

An application could be compromised, providing an attack vector into the enclave if application initialization, shutdown, and aborts are not designed to keep the application in a secure state. If an application fails without closing or shutting down processes or open sessions; authentication and validation mechanisms are in doubt. Responsible application development practices must be applied to ensure the failed application is handled gracefully to prevent creation of security risks.

STIG	Date
Application Security and Development Checklist	2014-12-22

Details

Check Text ( C-3043r1_chk )
The design of the application should account for the following: 1) Connections to databases are left open 2) Access control mechanisms are disabled. 3) Data left in temporary locations. Testing application failure will require taking down parts of the application. Examine application test plans and procedures to determine if this type of failure was tested. If test plans exist, validate the tests by performing a subset of the checks. If test plans do not exist, an application failure must be simulated. Simulate a failure. This can be accomplished by stopping the web server service and/or the database service. Also, for applications using web services, stop the web service and/or the database. Check to ensure that application data is still protected. Some examples of tests follow. Try to submit SQL queries to the database. Ensure that the database requires authentication before returning data. Try to read the application source files; access should not be granted to these files because the application is not operating. Try to open database files; data should not be available because the application is not operational. 1) If any of these tests fail, it is a finding.

Check Text ( C-3043r1_chk )

The design of the application should account for the following: 1) Connections to databases are left open 2) Access control mechanisms are disabled. 3) Data left in temporary locations.

Testing application failure will require taking down parts of the application. Examine application test plans and procedures to determine if this type of failure was tested. If test plans exist, validate the tests by performing a subset of the checks. If test plans do not exist, an application failure must be simulated. Simulate a failure. This can be accomplished by stopping the web server service and/or the database service. Also, for applications using web services, stop the web service and/or the database. Check to ensure that application data is still protected. Some examples of tests follow. Try to submit SQL queries to the database. Ensure that the database requires authentication before returning data. Try to read the application source files; access should not be granted to these files because the application is not operating. Try to open database files; data should not be available because the application is not operational.

1) If any of these tests fail, it is a finding.

Fix Text (F-16996r1_fix)
Fix any vulnerabilities found when the application is an insecure state (initialization, shutdown and aborts).