The security concept is separated into two parts: the vulnerabilities of the Flarecast infrastructure and the protection of confidential resources.
The first part concerns attacks against the infrastructure from external or internal sources. This includes any kind of vectors including data manipulation as well as service disruption.
The following table gives a summary of such attack vectors, there risk and impact level as well as possible countermeasures.
| Attack Vector | Description | Risk Level | Impact Level | Countermeasure |
|---|---|---|---|---|
| Attacks concerning general web applications | ||||
| Cross-site request forgery (XSRF, CSRF) | Victim has an open VPN session and runs a malicious script from an attacker's server | 1 | ||
The above attack vectors are barely addressed for two reasons:
-