Confused deputy
The confused deputy problem arises when one system abuses the trust placed in another system, causing it to execute a command it would not ordinarily be allowed to perform. Consider a service that issues refunds inside your system. You assume the service is safe because it is a private API sitting behind your firewall, but what if an attacker manages to compromise your firewall? If they can work out that sending a POST request with a particular payload to that server refunds money to a bank or PayPal account, they do not even need to push further into your infrastructure to get their payday. This scenario is all too common; when building systems, we place too much trust in the external defenses and run a principle of trust ...
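As an added illustration (not code from the book), the weak refund check described above, which trusts any caller inside the perimeter, is shown beside a hardened version in which the refund service only acts on a short-lived grant bound to a specific user, order and maximum amount. The shared key, claim names and request fields are constructed for the example; the grant is signed with HMAC-SHA256 by whichever component actually verified the user.

```python
import hmac
import hashlib
import json
import time
from typing import Optional

# Constructed example secret shared between the authorizer (the component that
# verified the end user) and the refund service. Placeholder, not a real key.
SHARED_KEY = b"example-shared-key-replace-me"


def refund_trusting_network(request: dict, source_ip: str) -> bool:
    """Weak design from the text: any caller on the internal network is trusted,
    so a compromised internal host can issue arbitrary refunds."""
    return source_ip.startswith("10.")


def issue_refund_grant(user_id: str, order_id: str, max_amount: int,
                       ttl_s: int = 300) -> str:
    """Authorizer side: mint a short-lived grant tied to one specific refund."""
    claims = {"user": user_id, "order": order_id, "max": max_amount,
              "exp": int(time.time()) + ttl_s}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag


def refund_with_grant(request: dict, grant: str,
                      now: Optional[int] = None) -> bool:
    """Hardened refund service: authorize only when the request carries a valid,
    unexpired grant whose claims match the refund being asked for. Where the
    caller sits on the network is irrelevant to the decision."""
    now = int(time.time()) if now is None else now
    try:
        body, tag = grant.rsplit(".", 1)
    except ValueError:
        return False
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):   # tampered or forged grant
        return False
    claims = json.loads(body)
    if claims["exp"] < now:                       # replayed after expiry
        return False
    return (claims["user"] == request["user_id"]
            and claims["order"] == request["order_id"]
            and request["amount"] <= claims["max"])
```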