Modern software development is characterized by agile principles that encourage rapid release and update cycles. Agile methodology’s core components require implementing strict integrity checks, without which attackers can inject malicious inputs that can potentially impact all stages of the deployment pipeline. In most instances, insecure design is one of the most commonly attributed causes that lead to a broad category of application security vulnerabilities – collectively known as software and data integrity failures.
This article introduces software and data integrity failures as one of the most prevalent known vulnerabilities within modern applications, examples of such failures, and prevention strategies.
What Are Software and Data Integrity Failures in OWASP Top 10 2021?
The complexity of architectures in modern update-release cycles often forces developers to use plugins, modules, and libraries from public repositories, untrusted sources, and content delivery networks. Due to such complexities, software and data integrity failures (categorized as design flaws) occur when critical data and software updates are added to the delivery pipeline without verifying their integrity. In the absence of adequate validation, software and data integrity failures make applications susceptible to unauthorized information disclosure, system compromise, or insertion of malicious code.
Modern software delivery pipelines include auto-update functionality that streamlines the lifecycles by downloading updates and applying them without inherent permissions. Threat actors can exploit such functionalities by performing a Man-in-the-Middle attack to inject malicious code into the pipeline during the update process. This results in corrupted payloads being deployed and executed outright on application installations.
The software and data integrity failures vulnerability is a new entrant to the OWASP Top Ten 2021 (A08). The entry covers various application security weaknesses that may lead to insufficient integrity verification. A few of such scenarios leading to integrity failures include:
- Faulty assumptions of the server-side and client-side components in use
- Outdated or unsupported third-party software
- Insufficient vulnerability scanning
- Erroneous input validation across the pipeline
- Missing framework/platform patches
- Missing unit tests
- Insecure component configurations
Software and Data Integrity Failures Prevention
Some techniques to avoid integrity violations include:
Use Digital Signatures for Software Component Verification
A digital signature is an electronic signature that aids in identifying the origin of a digital message or file. These signatures often use public key infrastructure patterns to ensure data exchanged between parties stays private and unaltered. Teams should adopt digital signage solutions that automate code signing, encryption, and authentication across CI/CD pipelines. This facilitates smoother component verification, subsequently ensuring integrity without compromising the velocity of the delivery cycle.
Use Secure Repositories for Libraries and Dependencies
Developers and security professionals should ensure that public registries, libraries, or dependencies connect to a secure version control system’s repository. In self-hosted repositories, developers should implement signed commits and multi-factor authentication to establish the origin of an update before committing changes. In addition to this, access roles for each repository should also be appropriately defined that allow only developers with valid privileges to deploy code.
Enforce Secure Code Reviews
Every software component used in the application should undergo an independent, manual, and/or automated application-level review. The review should vet the code for cyber threats that compromise the application’s availability, integrity, and confidentiality. This practice helps restrict the attack surface considerably while facilitating remediation before introducing code to the deployment pipeline.
Implement a Software Supply Chain Security Program
A supply chain security tool helps discover and mitigate vulnerabilities associated with third-party software or open-source libraries. An adequate supply chain security management program combines cybersecurity and risk management fundamentals, enabling teams to resolve vulnerabilities and prevent drifts in security controls efficiently. Popular supply chain security management solutions include OWASP CycloneDX and the OWASP Dependency-Check Project.
Software Integrity Failure Examples
Some commonly manifested software integrity security misconfigurations include:
Deserialization of Untrusted Data
Deserialization converts a sequence of byte streams back to their original form (objects). Suppose the application does not appropriately verify the validity of the original object data during deserialization. In that case, attackers can tamper with the input payload object to coerce the application to execute malicious codes. Insecure deserialization can also lead to attacks such as malicious code injection to alter the application logic or execute arbitrary commands with escalated privileges.
Reliance on Cookies without Validation and Integrity Checking
Applications typically rely on the existence/values of cookies to perform critical security controls but often fail to verify whether the cookie is valid for the associated user. Due to the lack of integrity checking, hackers can invoke client-side code to modify cookies that supply malicious input, perform an injection attack, or bypass authentication controls.
Downloading Code without Integrity Checks
In the event an application server downloads a source code and executes it without validating the code for its integrity and origin, hackers can deceive the application to download malicious code from untrusted sites. Such attacks can also lead to the execution of malicious commands, resulting in stealing sensitive information or compromising backend servers.
Improperly Controlled Modification of Dynamically-Determined Object Attributes
An application typically accepts input data from a component that specifies object attributes to be updated without controlling which attributes can be modified. Attackers can unexpectedly modify object attributes built explicitly for internal use with the sole intention of leading a system-wide seizure. Inherent language-specific vulnerabilities that aid software integrity failures include auto binding, mass assignment (Ruby), object injection (PHP), etc.
Untrusted Search Path
For servers that use an external search path to access critical resources such as executable programs or DLLs, attackers can modify the path value to a location under their direct control. When the server executes the malicious resource placed in the untrusted search path location, attackers can access unauthorized files, send data to unexpected destinations, execute malicious updates or modify the application’s configurations.
FAQs for Software and Data Integrity Failures
What are the primary categories of software integrity risks?
Cyber risk categories that can be attributed to data integrity include:
- Human error – Users committing errors that violate security protocols
- Malware and viruses – Malicious programs altering the application’s function
- Transmission errors – Data alteration while transferring between systems
How can Crashtest Security help with integrity failures?
Crashtest Security offers numerous features to help mitigate integrity failures, such as:
- Automated penetration testing – The platform helps perform periodic unit tests and threat modeling to keep vulnerable components out of the pipeline
- Vulnerability scanning – This includes automated scanning for known vulnerabilities encouraging proactive prevention. The tool integrates seamlessly with a dev stack to perform vulnerability scanning for early detection of integrity failures.
- Quick security assessments – Benchmarking the application’s security against the OWASP top ten list.