CAPEC-240 Resource Injection

CAPEC ID: 240

CAPEC-240 Metadata

Likelihood of Attack

High

Typical Severity

High

Overview

Summary

An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.

Prerequisites

The target application allows the user to specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file).

Potential Solutions / Mitigations

Ensure all input content that is delivered to client is sanitized against an acceptable content specification. Perform input validation for all content. Enforce regular patching of software.
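As an added illustration of the mitigation above (example code, not part of the CAPEC entry), the Python snippet below contrasts a report lookup that uses the client-supplied string directly as the resource name with one that validates the identifier's form and maps it through a server-side allowlist before touching the file system. The report directory, the index contents and the identifier pattern are constructed assumptions for this example.

```python
import re
from pathlib import Path

# Constructed example: a report store where clients request a report by id.
REPORT_DIR = Path("/var/app/reports")   # assumed directory, constructed for this example
# Server-side index: the client only ever supplies an opaque id, never a file name.
REPORT_INDEX = {
    "q1": "quarterly-q1.txt",
    "q2": "quarterly-q2.txt",
}
# Acceptable content specification for an id: short, lowercase alphanumerics only.
ID_PATTERN = re.compile(r"[a-z0-9]{1,16}")


def vulnerable_report_path(user_value: str) -> Path:
    """Vulnerable (CWE-99): the user's string becomes the resource identifier,
    so the client decides which file under REPORT_DIR the server operates on."""
    return REPORT_DIR / user_value


def resolve_report_path(report_id: str) -> Path:
    """Hardened: check the id against the allowed form, translate it through the
    server-side allowlist, and confirm the final path still lies inside REPORT_DIR."""
    if not ID_PATTERN.fullmatch(report_id):
        raise ValueError(f"malformed report id: {report_id!r}")
    file_name = REPORT_INDEX.get(report_id)
    if file_name is None:
        raise ValueError(f"unknown report id: {report_id!r}")
    path = (REPORT_DIR / file_name).resolve()
    # Defence in depth: the allowlist should make this impossible, but verify anyway.
    if REPORT_DIR.resolve() not in path.parents:
        raise ValueError("resolved path left the report directory")
    return path


def is_rejected(report_id: str) -> bool:
    """True when the hardened resolver refuses the identifier."""
    try:
        resolve_report_path(report_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", vulnerable_report_path("other-user-report.txt"))
    print("hardened q1:", resolve_report_path("q1"))
    print("hardened unknown id rejected:", is_rejected("q3"))
```

The vulnerable function happily builds a path for any name the client sends; the hardened one only ever opens files the server itself listed in REPORT_INDEX.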

Related Weaknesses (CWE)

CWE ID Description
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')

Taxonomy Mappings

Taxonomy: OWASP Attacks

Entry ID Entry Name
Link Resource Injection

Stay Ahead of Attack Patterns

Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.