From the course: Static Application Security Testing
A8: Software and data integrity failures - SonarQube Tutorial
A8: Software and data integrity failures
- The eighth set of risks in the OWASP Top 10 list is software and data integrity failures. The notion of software and data integrity is based on assumed trust. The software trusts that the data we input is what's expected, and we trust that all of the software components are going to do what they were designed to do. When that trust is misplaced, we find ourselves facing a security incident or a data breach. While conversations around software integrity often focus on the code, don't overlook the infrastructure. If any component of the system can't be trusted, then the integrity of the entire system is at risk. Even if your developers build and deploy a trusted instance of an application, the integrity of that app could be impacted by each and every update to the app, whether the update is applied automatically or manually. This risk is an evolution of the insecure deserialization risk in the 2017 Top 10 list.…
Contents
- The OWASP Top 10 (3m 26s)
- A1: Broken access controls (6m 17s)
- A2: Cryptographic failures (7m 29s)
- A3: Injection (8m)
- A4: Insecure design (5m 21s)
- A5: Security misconfiguration (7m 58s)
- A6: Vulnerable and outdated components (7m 8s)
- A7: Identification and authentication failures (7m 39s)
- A8: Software and data integrity failures (5m 49s)
- A9: Security logging and monitoring failures (6m 55s)
- A10: Server-Side Request Forgery (4m 58s)