OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the A08 category "Software and Data Integrity Failures" in the OWASP Top Ten 2021.

Weaknesses

Deserialization of Untrusted Data

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Improperly Controlled Modification of Dynamically-Determined Object Attributes

The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, bu...

Inclusion of Functionality from Untrusted Control Sphere

The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Inclusion of Web Functionality from an Untrusted Source

The software includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the software, potentially granting ...

Insufficient Verification of Data Authenticity

The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Missing Support for Integrity Check

The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

Reliance on Cookies without Validation and Integrity Checking

The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is valid fo...

Reliance on Cookies without Validation and Integrity Checking in a Security Decision

The application uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associ...

Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

Concepts

Weaknesses in OWASP Top Ten (2021)

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.

See Also

  1. A08:2021 – Software and Data Integrity Failures
  2. OWASP Top 10:2021
