OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, bu...

The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting ...

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid fo...

The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associ...

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.