Security Testing 简明教程
Components with Vulnerabilities
This kind of threat occurs when the components such as libraries and frameworks used within the app almost always execute with full privileges. If a vulnerable component is exploited, it makes the hacker’s job easier to cause a serious data loss or server takeover.
Let us understand Threat Agents, Attack Vectors, Security Weakness, Technical Impact and Business Impacts of this flaw with the help of simple diagram.
Example
The following examples are of using components with known vulnerabilities −
-
Attackers can invoke any web service with full permission by failing to provide an identity token.
-
Remote-code execution with Expression Language injection vulnerability is introduced through the Spring Framework for Java based apps.