A08 - Software and Data Integrity Failures

Description

This category covers code and infrastructure that do not protect against integrity violations. It includes insecure deserialization of untrusted data, insecure CI/CD pipelines, and applications that rely on updates, plugins, or libraries from untrusted sources without verifying their integrity (for example, through signatures or pinned digests).

Common Vulnerabilities

  • Insecure deserialization
  • Unverified software updates
  • Insecure CI/CD pipelines
  • Unsigned code execution
  • Missing integrity checks

Testing Approach

Test for deserialization vulnerabilities (where untrusted input reaches a native deserializer), analyze update mechanisms, check that code signing is enforced rather than merely present, and verify that integrity checks exist and actually fail closed when an artifact is tampered with.
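The following is an added example written for this page, not code from the original page or from OWASP. It shows two of the controls whose absence this category describes: an update artifact is verified against a pinned SHA-256 digest before installation, and its manifest is parsed as plain JSON with an explicit field allow-list rather than being fed to a native deserializer. The artifact bytes, manifest fields and helper names (SAMPLE_UPDATE, make_manifest, install_update, is_rejected) are all constructed for illustration.

```python
# Added example (not from the original page or OWASP): pinned-digest
# verification of an update artifact plus strict manifest parsing.
# All artifact bytes, digests and manifest contents are constructed.
import hashlib
import hmac
import json
import re

# Constructed sample standing in for a downloaded plugin or update.
SAMPLE_UPDATE = b"plugin-v1.2.3 (constructed sample artifact bytes)"

# Keys the manifest may carry; anything else is rejected outright.
ALLOWED_MANIFEST_KEYS = {"name", "version", "sha256"}
VERSION_RE = re.compile(r"^\d+\.\d+\.\d+$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, expected_sha256: str) -> bool:
    """Compare the artifact digest with the pinned one in constant time."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256)


def parse_manifest(raw: bytes) -> dict:
    """Parse a manifest as plain JSON and validate every field explicitly.

    This is the safe counterpart to handing untrusted bytes to a native
    deserializer (pickle.loads, yaml.load, Java ObjectInputStream): JSON
    yields only primitive types, and each field is checked before use.
    """
    try:
        obj = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"manifest is not valid JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise ValueError("manifest must be a JSON object")
    unexpected = set(obj) - ALLOWED_MANIFEST_KEYS
    missing = ALLOWED_MANIFEST_KEYS - set(obj)
    if unexpected or missing:
        raise ValueError(
            f"unexpected keys {sorted(unexpected)}, missing keys {sorted(missing)}"
        )
    if not isinstance(obj["name"], str) or not obj["name"]:
        raise ValueError("name must be a non-empty string")
    if not isinstance(obj["version"], str) or not VERSION_RE.match(obj["version"]):
        raise ValueError("version must look like MAJOR.MINOR.PATCH")
    if not isinstance(obj["sha256"], str) or not SHA256_RE.match(obj["sha256"]):
        raise ValueError("sha256 must be 64 lowercase hex characters")
    return {"name": obj["name"], "version": obj["version"], "sha256": obj["sha256"]}


def install_update(artifact: bytes, manifest_raw: bytes) -> str:
    """Refuse to install unless the manifest validates and the digest matches.

    In a real deployment the manifest (or at least the digest in it) must come
    from a trusted channel, e.g. signed release metadata, not from the same
    untrusted download as the artifact itself.
    """
    manifest = parse_manifest(manifest_raw)
    if not verify_artifact(artifact, manifest["sha256"]):
        raise ValueError("integrity check failed: digest mismatch, refusing to install")
    return f'{manifest["name"]} {manifest["version"]}'


def is_rejected(artifact: bytes, manifest_raw: bytes) -> bool:
    """True if install_update fails closed for this artifact/manifest pair."""
    try:
        install_update(artifact, manifest_raw)
    except ValueError:
        return True
    return False


def make_manifest(name: str, version: str, artifact: bytes) -> bytes:
    """Builds constructed sample manifests for the demo only."""
    payload = {"name": name, "version": version, "sha256": sha256_hex(artifact)}
    return json.dumps(payload).encode("utf-8")


if __name__ == "__main__":
    good = make_manifest("plugin", "1.2.3", SAMPLE_UPDATE)
    print("installed:", install_update(SAMPLE_UPDATE, good))
    print("tampered artifact rejected:", is_rejected(SAMPLE_UPDATE + b"x", good))
    print("unexpected manifest key rejected:",
          is_rejected(SAMPLE_UPDATE, good[:-1] + b',"plugin_hook":"x"}'))
```

The two checks are deliberately separate: parse_manifest rejects structurally bad or over-privileged input before any digest is computed, and install_update fails closed on a mismatch instead of logging and continuing, which is the behaviour to look for when reviewing an update mechanism.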