System Manipulation
Sideloaded
Description: The installation of any application outside of a legitimate infrastructure, such as the app store for the operating system in question, is considered sideloading. Impact: - Allow installation from unknown media, increasing the possibility of ...
USB flash drive attacks
Description: It is possible to connect USB flash drives containing viruses to a corporate machine. This could allow an attacker to infect it with malicious software. Impact: Infect machines with malware. Recommendation: - Set physical access controls to ...
Log injection
Description: The system logs entries that contain input from untrusted sources without properly validating, sanitizing or escaping their content. Impact: Inject code or fake inputs in the system's log, compromising the integrity of logs, or in the worst ...
ARP spoofing
Description: It is possible to supersede other MAC addresses in the network because the associated switch lacks protection mechanisms, such as PortSecurity. Impact: - Steal sensitive information. - Facilitate other attacks such as Denial-of-Service (DoS) ...
Inadequate file size control
Description: The system does not perform an adequate control of the size of the files that can be uploaded to the server. Impact: - Consume server resources and storage to upload large files. - Lead to denial of service attacks if the server storage ...