Software and data integrity failures
When code and infrastructure do not protect against integrity violations, the result can be security flaws affecting everything from frameworks to client-side machines.
This is one of OWASP's newer additions for 2021. OWASP references several familiar examples of this: when an "application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs)."
Auto-update functionality can also be problematic, particularly if updates are not integrity-checked at the time they are downloaded. Without this extra step, attackers can upload their own updates and even distribute them.
One of the best prevention strategies involves digital signatures, which are simple yet effective. A signature verifies that data comes from the intended source, providing much-needed peace of mind as well as validation from the software itself.
https://www.sitelock.com/blog/top-10-owasp-vulnerabilities/
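The update check described above, as an added example that is not part of the original post: the client verifies an RSA PKCS#1 v1.5 / SHA-256 signature over a small manifest, then checks the downloaded payload against the hash in that manifest, and rejects the update if either step fails. The function names, the manifest layout and the key are assumptions made for the illustration; the key is a constructed demo key that is not secure, and production code would use a vetted cryptography library with a properly generated key.

```python
import hashlib
import json

# Constructed demo key pair built from two known Mersenne primes so the
# example runs offline with the standard library only. NOT a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, vendor side only
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo structure (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign(message: bytes) -> bytes:
    """Vendor side: performed at release time with the private key."""
    return pow(_encode(message), D, N).to_bytes(K, "big")

def verify(message: bytes, signature: bytes) -> bool:
    """Client side: needs only the public key (N, E) shipped with the app."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    # Re-encode and compare instead of parsing the padding.
    return s < N and pow(s, E, N) == _encode(message)

def accept_update(manifest: bytes, signature: bytes, payload: bytes) -> bool:
    """Fail closed: check the manifest signature, then the payload hash."""
    if not verify(manifest, signature):
        return False
    expected = json.loads(manifest)["sha256"]   # parsed only once trusted
    return hashlib.sha256(payload).hexdigest() == expected

def demo():
    """Genuine update, altered payload, altered manifest (constructed data)."""
    payload = b"constructed update payload v1.2.3"
    manifest = json.dumps({"version": "1.2.3",
                           "sha256": hashlib.sha256(payload).hexdigest()}).encode()
    sig = sign(manifest)
    return (accept_update(manifest, sig, payload),
            accept_update(manifest, sig, payload + b"!"),
            accept_update(manifest.replace(b"1.2.3", b"9.9.9"), sig, payload))

if __name__ == "__main__":
    print(demo())
```

Only the public half of the key belongs in the client; the signing key stays with the release process, so an attacker who controls the download channel cannot produce a manifest the client will accept.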