| | | |
|---|---|---|
| | NORA-4: Back Office | Internal application service |
| | Internal application service | Junction |
| | Internal application service | Junction |
| | URL filtering | SC-7: Boundary Protection |
| | NORA-6: Client | Browser |
| | Browser | Junction |
| | Browser | Junction |
| | Category blocking | SC-7: Boundary Protection |
| | SC-7: Boundary Protection | SP-TE-28: Infection from malware, worms or trojans |
| | NORA-1: External | Application Component |
| Data in | Application Component | Junction |
| | SC-13: Cryptographic Protection | SP-TE-23: Adversary in the middle attack or network traffic modification |
| | AC-3: Access Enforcement | SP-TE-36: Unauthorized changes or manipulation of information data records |
| | SI-3: Malicious Code Protection | SP-TE-29: Web application attacks or code injection attack |
| | SI-3: Malicious Code Protection | SP-TE-28: Infection from malware, worms or trojans |
| | SI-10: Information Input Validation | SP-TE-29: Web application attacks or code injection attack |
| | Data sanitization | SI-10: Information Input Validation |
| | Allowlisting | SI-10: Information Input Validation |
| | Blocklisting | SI-10: Information Input Validation |
| | Detailed validation | SI-10: Information Input Validation |
| | Junction | Application Component |
| | Junction | Internal application service |
| | Junction | Browser |
| Data out | Junction | Application Component |
| | SC-7(10): Boundary Protection \| Prevent Exfiltration | SP-TE-37: Compromise of confidential information or data breach |