Trustworthiness Attribute Extrinsic-QI-TW

URI: Extrinsic-QI-TW

Description: Free of software vulnerabilities that allow injection of queries into a trusting back-end process.

This attribute is undermined by the misbehaviour LossOfExtrinsic-QI-TW

Represents a process (usually implemented by software running on a Host) that can read, update or create data, or exchange data with other processes.

CC.R.CDBSC.4

Query injection at Service into back end DB: an attacker having exploited a bug in Service when connected to DB, is able to send arbitrary queries to DB. This is modelled as an adverse behaviour in the inferred client channel representing their trust relationship, fulfilling the precondition for further threats using injected queries to access or alter data stored by DB.

Trustworthiness Attribute Extrinsic-QI-TW

Assets (1)

Threats (1)

CC.R.CDBSC.4