Question:

Notation used:
Unsigned argument: argument
Signed argument: (ARGUMENT)
Attacker-accessible argument in red text
Attacker-accessible APIs in black text
Store arguments and code in blue text
Cashier arguments and code in green text

1. Read through the following URLs representing HTTP interactions between three parties. Suggest potential security flaws for each of the arguments, as if this were a black box and the back-end code is unknown. The cart is the cart object stored by the Store. The IPN_Handler refers to the Instant Payment Notification API method used by the Store, where GoogleCheckout notifies the Store immediately after the user makes a payment.
2. Store.com/checkout?nuce
3. Google.com/pay?(SESSIONID)&(CART)&(IPN_HANDLER)
4. Store.com/(IPN_HANDLER)?(SESSIONID)&(STATUS)
5. Order has been completed
