OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A08 category "Software and Data Integrity Failures" in the OWASP Top Ten 2021.
Weaknesses
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, bu...
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting ...
The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid fo...
The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associ...
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
Concepts
CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.