Cryptography 3

Tampering with state, source code, interpreted code, libraries, executables, updates, patches, configuration data, logs, etc undermines any trust in the application. Consider the file system, database content, information in memory, in page code, and data in transit.

How to play?

Axel can modify transient or permanent data (stored or in transit), or source code, or updates/patches, or configuration data, because it is not subject to integrity checking

Mappings

Owasp ASVS (4.0): 14.1.1 ,14.1.4 ,14.1.5 ,10.2.3-10.2.6 ,10.3.1 ,10.3.2

Capec: 31 ,39 ,68 ,75 ,133 ,145 ,162 ,203 ,438 ,439 ,442

Owasp SCP: 92,205,212

Owasp Appsensor: SE1,IE4

Safecode: 12,14

ASVS (4.0) Cheatsheetseries Index

ASVS V14.1 - Build

ASVS V10.2 - Malicious Code Search

ASVS V10.3 - Deployed Application Integrity Controls

Attacks

(Session) Data tampering

Session Hijacking (Man-in-the-Middle)

Loading comments 0%

View source on GitHub