A08:2021 – Software and Data Integrity Failures

Share on Twitter Share on Reddit Share on Pinboard Share on Newspipe
Get the object Export to a MISP galaxy Get only values in CSV Get only values in JSON

Description
Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. For example, where objects or data are encoded or serialized into a structure that an attacker can see and modify is vulnerable to insecure deserialization. Another form of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise. Lastly, many applications now include auto-update functionality, where updates are downloaded without sufficient integrity verification and applied to the previously trusted application. Attackers could potentially upload their own updates to be distributed and run on all installations.
Owning organization
OWASP
Validating JSON schema
Vulnerabilities (provided by MONARC)
Creator
Cedric
License
Creative Commons Zero v1.0 Universal

Related objects

Definition of the object 
{
    "authors": [
        "https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/"
    ],
    "code": "A08:2021",
    "description": "Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. For example, where objects or data are encoded or serialized into a structure that an attacker can see and modify is vulnerable to insecure deserialization. Another form of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD pipeline can introduce the potential for unauthorized access, malicious code, or system compromise. Lastly, many applications now include auto-update functionality, where updates are downloaded without sufficient integrity verification and applied to the previously trusted application. Attackers could potentially upload their own updates to be distributed and run on all installations.",
    "label": "Software and Data Integrity Failures",
    "language": "EN",
    "uuid": "b6d3b37e-2a87-4050-a75c-d9054e1dae7d"
}