CWE-264: Permissions, Privileges, and Access Controls

Description Summary

Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Detection Methods

Detection Method - 1

Manual Static Analysis - Binary / Bytecode

According to SOAR, the following detection techniques may be useful:

Detection Method - 2

Dynamic Analysis with automated results interpretation

According to SOAR, the following detection techniques may be useful:

Detection Method - 3

Dynamic Analysis with manual results interpretation

According to SOAR, the following detection techniques may be useful:

Detection Method - 4

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Detection Method - 5

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Detection Method - 6

Architecture / Design Review

According to SOAR, the following detection techniques may be useful:

Potential Mitigations

Mitigation - 1

Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

2013/05/30 12:46
cwe/cn/definition/264.txt · Last modified: 2014/09/04 14:30 (external edit)