|
Threat Description |
Threat action aimed to perform illegal operations in a system that lacks the ability to trace the prohibited operations. |
|
Threat Target |
Website (WordPress) functionalities. |
|
Attacker Steps |
An attacker can deny his/her attacks if the application does not support proper security logging. |
|
Counter-measure |
The application should:
|
|
Existing Counter-measure |
N/A - it's a new project. |
The DREAD review is as follows:
|
DREAD
|
Details
|
Score /10
|
|
Damage |
Some or little. |
2 |
|
Reproducibility |
Can be reproduced any time. |
7 |
|
Exploitability |
The attacker will need some experience in application logging. |
3 |
|
Affected Users |
It can vary from 1 to more than 100. |
5 |
|
Discoverability |
The attacker needs to know the logging/monitoring architecture. |
1 |
|
Total |
3.6 |