NB: The key concept for this card is host/network hardening, configuration and patching. See C 10 instead for software hardening, configuration and patching.
David can bypass the application to gain access to data because the network and host infrastructure, and supporting services/applications, have not been securely configured, the configuration rechecked periodically and security patches applied, or the data is stored locally, or the data is not physically protected.
OWASP ASVS (4.0): 1.4.5, 10.3.1, 10.3.2, 14.1.4, 14.1.5, 14.2.1, 14.2.2
OWASP SCP: 151, 152, 156, 160, 161, 173, 174, 175, 176, 177
OWASP AppSensor: RE1, RE2
SAFECode:
ASVS V1.4 - Access Control Architectural Requirements
ASVS V10.3 - Deployed Application Integrity Controls