8️⃣A08:2021 – Software and Data Integrity Failures

Software and Data Integrity Failures

Software and data integrity failures occur when code and infrastructure fail to protect against integrity violations. This vulnerability encompasses various scenarios, such as relying on untrusted sources for plugins, libraries, or modules, insecure CI/CD pipelines, and inadequate integrity verification during auto-update processes. Additionally, insecure deserialization, where objects or data are encoded in a vulnerable format, is another concern.

Characteristics of Software and Data Integrity Failures

• Dependency on Untrusted Sources

  • Description: Applications relying on plugins, libraries, or modules from untrusted repositories or CDNs.

  • Example: Integrating third-party libraries from unverified sources into the application.

  • Impact: Increases the risk of introducing malicious code or system compromise.

• Insecure CI/CD Pipelines

  • Description: Vulnerabilities in the Continuous Integration/Continuous Deployment (CI/CD) pipeline allowing unauthorized access or code injection.

  • Example: Lack of proper access controls in the CI/CD process, enabling attackers to inject malicious code.

  • Impact: Compromises the integrity of the application and infrastructure.

• Inadequate Integrity Verification in Auto-updates

  • Description: Auto-update mechanisms downloading and applying updates without sufficient integrity verification.

  • Example: Updates being distributed without cryptographic signatures or checksum verification.

  • Impact: Allows attackers to distribute and execute malicious updates on all installations.

• Insecure Deserialization

  • Description: Objects or data encoded or serialized in a vulnerable format susceptible to modification by attackers.

  • Example: Deserializing data without proper input validation and integrity checks.

  • Impact: Enables attackers to manipulate serialized objects and potentially execute arbitrary code.

Prevention

• Use Digital Signatures

  • Employ digital signatures or similar mechanisms to verify the software or data's authenticity and integrity.

• Trustworthy Dependency Management

  • Ensure libraries and dependencies are sourced from trusted repositories, or consider hosting an internal vetted repository.

• Utilize Software Supply Chain Security Tools

  • Employ tools like OWASP Dependency Check or OWASP CycloneDX to verify components for known vulnerabilities in the software supply chain.

• Implement Code and Configuration Review Processes

  • Establish review processes for code and configuration changes to mitigate the risk of introducing malicious code or configuration into the software pipeline.

• Secure CI/CD Pipeline

  • Configure the CI/CD pipeline with proper segregation, configuration, and access control to maintain the integrity of the code throughout the build and deploy processes.

• Ensure Data Integrity for Untrusted Clients

  • Prevent the transmission of unsigned or unencrypted serialized data to untrusted clients without integrity checks or digital signatures to detect tampering or replay attacks.

References

• OWASP Cheat Sheet: Infrastructure as Code

• OWASP Cheat Sheet: Deserialization

• SAFECode Software Integrity Controls

• A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack

• CodeCov Bash Uploader Compromise

• Securing DevOps by Julien Vehent

• https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/

Mapped CWEs

• CWE-829: Inclusion of Functionality from Untrusted Control Sphere

  • CWE-829: Including functionality from untrusted sources increases the risk of code injection and system compromise.

• CWE-494: Download of Code Without Integrity Check

  • CWE-494: Downloading code without integrity verification allows for the distribution and execution of malicious updates.

• CWE-502: Deserialization of Untrusted Data

  • CWE-502: Deserializing untrusted data without proper validation can lead to arbitrary code execution.