Guide - Security SANS Top 25

Product Version: 7.0

Product To Version:

Status: final

1 Introduction

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors is a list of the most widespread and critical errors that can lead to serious vulnerabilities in software. They are often easy to find and easy to exploit. They are dangerous because they frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

This guide provides a quick overview of Intershop's approaches to avoiding such vulnerabilities.

1.1 References

1.2 Style Guides

2 SANS Top 25

| Rank | Score | ID | Name | Intershop's solution |
|---|---|---|---|---|
| 1 | 93.8 | CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | To avoid SQL injection vulnerabilities, only prepared statements with parameter binding are used. See also Guide - OWASP Top Ten Project 2013. |
| 2 | 83.3 | CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Intershop does not execute any OS commands. |
| 3 | 79.0 | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Intershop is Java-based, so buffer overflows cannot happen. |
| 4 | 77.7 | CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Intershop uses ISML encoding (the <isprint> tag or the stringToHTML() function). Additional encoding handlers can be registered and used for custom encoding requirements. |
| 5 | 76.9 | CWE-306 | Missing Authentication for Critical Function | Every critical function is available to authenticated users only. |
| 6 | 76.8 | CWE-862 | Missing Authorization | Intershop uses role- and permission-based authorization. Permissions are checked automatically for every function in the prefix pipeline. |
| 7 | 75.0 | CWE-798 | Use of Hard-coded Credentials | There are no hard-coded credentials in Intershop. |
| 8 | 75.0 | CWE-311 | Missing Encryption of Sensitive Data | Intershop's encryption library uses standard encryption algorithms and implementations. All sensitive data can be encrypted. |
| 9 | 74.0 | CWE-434 | Unrestricted Upload of File with Dangerous Type | There is no file upload possibility in the storefront. Upload of files in the management application is only possible for authorized users. File validation for import files is implemented. Additional checks can be added as a customization. |
| 10 | 73.8 | CWE-807 | Reliance on Untrusted Inputs in a Security Decision | Does not happen in the standard product; ensured by code reviews. |
| 11 | 73.1 | CWE-250 | Execution with Unnecessary Privileges | The application servers and web servers run under their own users with their own permissions. |
| 12 | 70.1 | CWE-352 | Cross-Site Request Forgery (CSRF) | See Concept - Cross-Site Request Forgery Guard and Cookbook - Cross-Site Request Forgery Guard. |
| 13 | 69.3 | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Checks in the prefix pipeline and special pipelets that validate paths. |
| 14 | 68.5 | CWE-494 | Download of Code Without Integrity Check | Intershop never downloads source code. Downloads of binary software artifacts happen through a secure channel. |
| 15 | 67.8 | CWE-863 | Incorrect Authorization | Intershop has standard ACL permission checks for every functionality (pipelines). Additionally, pipelines have a visibility property, so that internal pipelines cannot be called externally. |
| 16 | 66.0 | CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | Third-party libraries are selected carefully and are regularly checked for security vulnerabilities (e.g., with VersionEye). |
| 17 | 65.5 | CWE-732 | Incorrect Permission Assignment for Critical Resource | Intershop has standard ACL permission checks for every functionality (pipelines). Roles can be assigned in Intershop Studio. |
| 18 | 64.6 | CWE-676 | Use of Potentially Dangerous Function | Only affects C and C++; Intershop is Java-based. |
| 19 | 64.1 | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | Intershop's encryption library uses standard encryption algorithms and implementations. Algorithms are configurable. |
| 20 | 62.4 | CWE-131 | Incorrect Calculation of Buffer Size | Only affects C and C++; Intershop is Java-based. |
| 21 | 61.5 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | Intershop has a mechanism that counts failed login attempts and disables the account for a certain period. Additionally, CAPTCHAs are supported. |
| 22 | 61.1 | CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | The prefix pipeline checks ensure that redirect targets cannot come from request parameters. |
| 23 | 61.0 | CWE-134 | Uncontrolled Format String | Does not apply to Java. |
| 24 | 60.3 | CWE-190 | Integer Overflow or Wraparound | Intershop uses code reviews and static code analysis. |
| 25 | 59.9 | CWE-759 | Use of a One-Way Hash without a Salt | Intershop uses PBKDF2 with large random salt values, so every password hash is unique. |
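The failed-login counter with a temporary account lock from the CWE-307 row, as an added example. This is illustration code for this guide, not Intershop's implementation; the class name LoginThrottle, the threshold of five failures and the 15-minute lock period are assumptions, and the clock is injected so the expiry of the lock can be exercised offline.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;

/**
 * Counts failed logins per account and locks the account for a fixed period (CWE-307).
 * Hypothetical example code; threshold and lock period are assumed values.
 */
public final class LoginThrottle {

    private static final int MAX_FAILURES = 5;                          // assumed threshold
    private static final Duration LOCK_PERIOD = Duration.ofMinutes(15); // assumed lock period

    private static final class State {
        int failures;
        Instant lockedUntil; // null while the account is not locked
    }

    private final Map<String, State> accounts = new HashMap<>();
    private final Supplier<Instant> now; // injected clock, so the lock window is testable

    public LoginThrottle(Supplier<Instant> now) {
        this.now = now;
    }

    /** True while the account is inside its lock period; an expired lock is cleared. */
    public synchronized boolean isLocked(String login) {
        State s = accounts.get(login);
        if (s == null || s.lockedUntil == null) {
            return false;
        }
        if (!now.get().isBefore(s.lockedUntil)) {
            accounts.remove(login); // period elapsed: counting starts again from zero
            return false;
        }
        return true;
    }

    /** Records a failed attempt; returns true if this failure locked the account. */
    public synchronized boolean recordFailure(String login) {
        State s = accounts.computeIfAbsent(login, k -> new State());
        s.failures++;
        if (s.failures >= MAX_FAILURES && s.lockedUntil == null) {
            s.lockedUntil = now.get().plus(LOCK_PERIOD);
            return true;
        }
        return false;
    }

    /** A successful login clears the failure history. */
    public synchronized void recordSuccess(String login) {
        accounts.remove(login);
    }

    public static void main(String[] args) {
        Instant[] clock = { Instant.parse("2024-01-01T00:00:00Z") }; // constructed, controllable time
        LoginThrottle throttle = new LoginThrottle(() -> clock[0]);
        String login = "alice"; // constructed sample account

        for (int i = 1; i <= MAX_FAILURES; i++) {
            boolean justLocked = throttle.recordFailure(login);
            System.out.println("failure " + i + " -> account locked now: " + justLocked);
        }
        System.out.println("locked immediately afterwards: " + throttle.isLocked(login));

        clock[0] = clock[0].plus(LOCK_PERIOD).plusSeconds(1);
        System.out.println("locked after the period elapsed: " + throttle.isLocked(login));
    }
}
```

The login handler should call isLocked() before it verifies the password, so that a locked account costs no password check and a correct guess during the lock period is not confirmed. The in-memory map is per JVM; a clustered deployment needs the counter in shared storage, otherwise each node grants its own budget of attempts.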
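The two input-validation rows, path traversal (CWE-22) and open redirect (CWE-601), share the same pattern: canonicalise the untrusted value, then compare it against an allow-list rather than searching for bad characters. The following is an added example of that pattern, not Intershop's pipelet or prefix-pipeline code; the class name UntrustedTargetChecks, the base directory and the allowed redirect host are constructed for the demonstration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;

/**
 * Allow-list validation of untrusted file names and redirect targets (CWE-22, CWE-601).
 * Hypothetical example code; the allowed host and base directory are constructed values.
 */
public final class UntrustedTargetChecks {

    private static final Set<String> ALLOWED_HOSTS = Set.of("shop.example.com"); // assumed allow-list

    /** Resolves a user-supplied name inside baseDir; returns null when it would escape. */
    public static Path resolveInside(Path baseDir, String untrustedName) {
        Path base = baseDir.toAbsolutePath().normalize();
        // normalize() collapses "." and ".." before the prefix check, so "a/../../x" is caught
        Path candidate = base.resolve(untrustedName).normalize();
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            return null; // empty name, absolute name, or a name that climbed out of base
        }
        return candidate;
    }

    /** Accepts only same-site absolute paths or https URLs to an allow-listed host. */
    public static boolean isSafeRedirect(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(target); // rejects characters such as backslash that browsers reinterpret
        } catch (URISyntaxException e) {
            return false;
        }
        if (uri.getScheme() == null && uri.getAuthority() == null) {
            // relative reference: must be site-absolute, and "//host" is protocol-relative, not local
            return target.startsWith("/") && !target.startsWith("//");
        }
        // absolute reference: the host that the browser will contact decides, not the user-info part
        return "https".equalsIgnoreCase(uri.getScheme())
                && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase());
    }

    public static void main(String[] args) {
        Path base = Paths.get("/var/intershop/uploads"); // constructed base directory
        String[] names = { "report.csv", "../../etc/passwd", "sub/../../escape.txt", "/etc/passwd", "" };
        for (String name : names) {
            System.out.println("name '" + name + "' -> " + resolveInside(base, name));
        }

        String[] targets = {
            "/account/orders",                          // accepted: site-absolute path
            "//evil.example/",                          // rejected: protocol-relative
            "https://shop.example.com/checkout",        // accepted: allow-listed host
            "https://evil.example/",                    // rejected: host not allowed
            "https://shop.example.com@evil.example/",   // rejected: host is evil.example
            "javascript:alert(1)"                       // rejected: scheme is not https
        };
        for (String target : targets) {
            System.out.println("redirect '" + target + "' -> " + isSafeRedirect(target));
        }
    }
}
```

Apply resolveInside() to the value after any URL decoding the request pipeline performs, otherwise an encoded "%2e%2e" reaches the file system undecoded and is checked as a harmless literal; for directories that may contain symbolic links, compare toRealPath() results rather than normalized paths.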

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.
