OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A08 category "Software and Data Integrity Failures" in the OWASP Top Ten 2021.
Weaknesses
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but...
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting to...
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
The product relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid for th...
The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated...
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
Concepts
CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.