Control Strategy IgnoreConfusedDeputyAttack
URI: CSG-IgnoreConfusedDeputyAttack
Package: ProcessComms
Description: Signifies that Service can be considered immune to a confused deputy attack that does not involve exploitation of a software vulnerability. This should be used when Service is programmed in such a way that it can only access a back-end service for specific clients. Do not use this if access to back-end services requires OIDC- or OAuth-style tokens issued to the client; in that case, add the OIDC/OAuth service along with the appropriate relationships from the client and to the back-end service(s).