The application must utilize organization-defined data mining detection techniques for organization-defined data storage objects to adequately detect data mining attempts.
From Application Security and Development Security Technical Implementation Guide
Part of SRG-APP-000324
Associated with:
CCI-002347
SV-83949r1_rule
Vulnerability discussion
Failure to protect organizational information from data mining may result in a compromise of information.

Data mining occurs when the application is programmatically probed and data is automatically extracted. While there are valid uses for data mining within data sets, the organization should be mindful that adversaries may attempt to use data mining capabilities built into the application in order to completely extract application data so it can be evaluated using methods that are not natively offered by the application. This can provide the adversary with an opportunity to utilize inference attacks or obtain additional insights that were not intended when the application was designed.

Methods of extraction include database queries or screen scrapes using the application itself. The entity performing the data mining must have access to the application in order to extract the data. Data mining attacks will usually occur with publicly releasable data access but can also occur when access is limited to authorized or authenticated inside users.

Data storage objects include, for example, databases, database records, and database fields.

Data mining prevention and detection techniques include, for example: limiting the types of responses provided to database queries; limiting the number/frequency of database queries to increase the work factor needed to determine the contents of such databases; and notifying organizational personnel when atypical database queries or accesses occur.
Check content
Review the security plan, application and system documentation and interview the application administrator to identify data mining protections that are required of the application.
If there are no data mining protections required, this requirement is not applicable.
Review the application authentication requirements and permissions.
Review documented protections that have been established to protect from data mining.
This can include: limiting the number of queries allowed; automated alarming on atypical query events; limiting the number of records allowed to be returned in a query; and not allowing data dumps.
If the application requirements specify protections for data mining and the application administrator is unable to identify or demonstrate that the protections are in place, this is a finding.
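The protections named in the vulnerability discussion and in the check content above (a per-query record cap, a limit on query frequency, and alarming on atypical access) can be checked for in the application's own query log. The following Python script is an added example and is not part of the STIG or of any particular application: it reads a constructed, assumed log format (timestamp, user, data storage object, rows returned), applies a hypothetical policy with illustrative thresholds, and reports which users tripped which rule. The third rule, a cumulative row count over a longer window, is the one that catches a slow scrape built from many small pages, which neither a per-query cap nor a short-window rate limit will see on its own.

```python
"""Detect data-mining access patterns in an application query log.

Added example, not part of the STIG. The log format, the policy
thresholds and the sample entries are all assumptions for illustration.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, user, object, rows returned.
# alice pages fast, bob pulls one bulk dump, dave scrapes slowly, carol is normal.
SAMPLE_LOG = """\
2024-03-01T10:00:00 alice customers 25
2024-03-01T10:00:05 alice customers 25
2024-03-01T10:00:09 alice customers 25
2024-03-01T10:00:14 alice customers 25
2024-03-01T10:00:18 alice customers 25
2024-03-01T10:00:23 alice customers 25
2024-03-01T10:01:10 bob orders 5000
2024-03-01T10:02:00 carol orders 10
2024-03-01T10:05:00 dave customers 200
2024-03-01T10:06:40 dave customers 200
2024-03-01T10:08:20 dave customers 200
2024-03-01T10:09:00 carol customers 12
2024-03-01T10:10:00 dave customers 200
2024-03-01T10:11:40 dave customers 200
2024-03-01T10:13:20 dave customers 200
"""


@dataclass(frozen=True)
class Policy:
    """Hypothetical thresholds; an organization would define its own."""
    window: timedelta = timedelta(seconds=60)       # rate-limit window
    max_queries: int = 5                            # queries per user+object per window
    max_rows_per_query: int = 1000                  # single-response record cap
    dump_window: timedelta = timedelta(minutes=15)  # slow-scrape window
    max_rows_per_dump_window: int = 1000            # cumulative rows per user+object


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    obj: str
    rows: int


def parse_log(text):
    """Parse the assumed whitespace-separated format into time-ordered events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, obj, rows = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, obj, int(rows)))
    return sorted(events, key=lambda e: e.ts)


def detect(events, policy=Policy()):
    """Return one finding per (user, object, rule), raised the first time it trips."""
    recent = defaultdict(deque)     # (user, obj) -> timestamps inside the rate window
    rows_seen = defaultdict(deque)  # (user, obj) -> (timestamp, rows) inside the dump window
    findings, fired = [], set()

    def fire(key, rule, detail):
        if (key, rule) not in fired:
            fired.add((key, rule))
            findings.append({"user": key[0], "object": key[1], "rule": rule, "detail": detail})

    for ev in events:
        key = (ev.user, ev.obj)
        # Rule 1: one response carries more records than the cap (a data dump).
        if ev.rows > policy.max_rows_per_query:
            fire(key, "record_cap", f"{ev.rows} rows in one query")
        # Rule 2: too many queries against the same object inside a sliding window.
        q = recent[key]
        q.append(ev.ts)
        while ev.ts - q[0] > policy.window:
            q.popleft()
        if len(q) > policy.max_queries:
            fire(key, "query_rate", f"{len(q)} queries in {policy.window}")
        # Rule 3: many small pages that add up to a bulk extraction over a longer window.
        r = rows_seen[key]
        r.append((ev.ts, ev.rows))
        while ev.ts - r[0][0] > policy.dump_window:
            r.popleft()
        total = sum(n for _, n in r)
        if total > policy.max_rows_per_dump_window:
            fire(key, "cumulative_rows", f"{total} rows in {policy.dump_window}")
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"{f['user']:6} {f['object']:10} {f['rule']:16} {f['detail']}")
```

Run against the sample log, the script flags alice for query rate, bob for both the single-query record cap and the cumulative total, and dave for the cumulative total only; carol produces no finding. In a real deployment the findings would feed the alarming path the check content asks for, and the thresholds would be tuned per data storage object rather than set globally as here.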
Fix text
Implement the data mining protections that the application requirements specify.