An adversary manipulates a web service related protocol to cause a web application or service to react differently than intended. This can either be performed through the manipulation of call parameters to include unexpected values, or by changing the called function to one that should normally be restricted or limited. By leveraging this pattern of attack, the adversary is able to gain access to data or resources normally restricted, or to cause the application or service to crash.

Not present

Not present

1. The targeted application or service must rely on web service protocols in such a way that malicious manipulation of them can alter functionality.

1. The attacker must be able to manipulate the communications to the targeted application or service.

Not present

Not present

Not present