Web application security - the fast guide 1.1 | Page 62
Chapter 3 - Vulnerabilities and threat models
- Users are authenticated with Forms authentication.
- The application is authenticated at the database by using Windows authentication.
- Roles are used to authorize access to business logic.
- Administration can be performed only by physically logging on to the server computer. No remote administration access is provided.
4) Application Decomposition
This section describes the trust boundaries, entry points, exit points, and data flows.
a) Trust Boundaries
Identified trust boundaries are:
- The perimeter firewall.
- The database server trusts calls from the Web application's identity.
- The data access components trust the business components to pass fully validated data.
- The entry point to the catalog administration business component.
b) Data Flows
Data flows are:
- An anonymous user browses the product catalog. The catalog page calls the catalog business component, which calls the catalog data access component to request a catalog listing. The first page of product details is retrieved from the database and returned to the catalog business component. The data is bound to a data grid control and displayed on the catalog page.
- An anonymous user submits a search string. The home page accepts the search string and validates it by using a regular expression. The search string must be less than 50 characters in length and may include any combination of letters or numbers. The search string is passed to the data access component. The data access component calls a stored procedure and passes the search string as a single parameter.
- The user logs on. The user submits a name and password through the logon form. The user name and password are handled by the logon page and passed to the membership business logic component. This component passes the data to the data access component, which verifies the credentials with the database to determine their validity.
- A catalog administrator logs on and accesses the restricted catalog administration page. The catalog administration component checks the user role at the business layer. If the user is authorized, the business component interacts with the catalog data access component to view and amend product details.
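The search data flow above (regular-expression validation at the entry point, then a single typed parameter to a stored procedure) as an added C# example; this is not code from the book or from the sample application it describes, and the stored procedure name `usp_SearchCatalog`, the parameter name `@SearchString` and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class CatalogSearch
{
    // Whitelist from the data flow: letters or digits only, fewer than 50 characters.
    private static readonly Regex SearchPattern =
        new Regex(@"^[A-Za-z0-9]{1,49}$", RegexOptions.Compiled);

    // Entry-point validation done by the home page before the value crosses the
    // trust boundary into the business and data access components.
    public static bool IsValidSearchString(string input)
    {
        return input != null && SearchPattern.IsMatch(input);
    }

    // Data access component: the search string is never concatenated into SQL;
    // it travels only as a typed, length-limited parameter of the stored procedure.
    // (usp_SearchCatalog and @SearchString are assumed names, not from the book.)
    public static DataTable SearchCatalog(string searchString, string connectionString)
    {
        if (!IsValidSearchString(searchString))
        {
            // Defence in depth: the data layer re-checks what the page already validated.
            throw new ArgumentException("Search string failed input validation.", nameof(searchString));
        }

        var results = new DataTable();
        // connectionString is expected to use Windows authentication, e.g. "Integrated Security=SSPI".
        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand("usp_SearchCatalog", connection))
        {
            command.CommandType = CommandType.StoredProcedure;
            command.Parameters.Add("@SearchString", SqlDbType.NVarChar, 50).Value = searchString;
            using (var adapter = new SqlDataAdapter(command))
            {
                adapter.Fill(results);
            }
        }
        return results;
    }
}
```

With this pattern a value such as `widget' OR 1=1--` is rejected by `IsValidSearchString` before any database call, and even a string that passed validation could not alter the query text because it is bound as a parameter.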
c) Entry Points
Entry points are:
- Port 80 for Web requests.
- Port 443 for SSL.
- All other ports are restricted by the firewall.