A08: Software and Data Integrity Failures
Simulate an insecure update process where an attacker can inject a malicious file.
Interactive Simulation
An attacker performs a Man-in-the-Middle (MITM) attack to swap a legitimate update with a malicious one.
How to Simulate
- With the defense OFF, click "Download and Install Update".
- Observe that the system does not check the file's integrity and installs the malicious file.
- Enable "Verify Software Signatures" and try to install the update again.
- The application now checks the file's signature, detects a mismatch, and rejects the malicious update.
Explanation
This category focuses on failures related to software and data integrity. This includes insecure deserialization, where an application blindly trusts and processes serialized data from an untrusted source, potentially leading to remote code execution.
A key example, simulated here, is failing to verify the integrity of software updates. An insecure auto-update mechanism that downloads updates without verifying the package's digital signature can allow an attacker to inject malicious code into the application.
Toggle Defense
When ON, the application verifies the cryptographic signature of the downloaded update file against the developer's public key. The attacker's file won't have a valid signature, so the mismatch is detected.
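The check described in the Explanation and Toggle Defense sections above, as an added example that is not part of the original simulation page. It assumes Ed25519 as the signature scheme (the page does not name one) and uses made-up names (SignUpdate, VerifyUpdate, InstallUpdate, UpdatePackage); the update bytes and keys are constructed inside the program. The client pins only the developer's public key, so a package the attacker swaps in, even one signed with a key of their own, fails verification when the defense is ON and is installed blindly when it is OFF.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// UpdatePackage is what the client downloads: the update bytes plus a
// detached signature produced with the developer's release key.
type UpdatePackage struct {
	Payload   []byte
	Signature []byte
}

// ErrBadSignature is returned when the package does not verify under the
// developer's pinned public key.
var ErrBadSignature = errors.New("update rejected: signature does not match developer key")

// SignUpdate is the developer-side step: sign the payload with the release key.
// The private key stays in the release pipeline and is never shipped.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) UpdatePackage {
	return UpdatePackage{Payload: payload, Signature: ed25519.Sign(priv, payload)}
}

// VerifyUpdate is the client-side check behind "Verify Software Signatures".
// A signature of the wrong length or made with any key other than the
// developer's is rejected before anything is installed.
func VerifyUpdate(pub ed25519.PublicKey, pkg UpdatePackage) error {
	if len(pkg.Signature) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(pub, pkg.Payload, pkg.Signature) {
		return ErrBadSignature
	}
	return nil
}

// InstallUpdate models the defense toggle: with verify=false the client
// installs whatever it downloaded; with verify=true it checks the signature
// first. It returns the bytes that would be installed, or an error.
func InstallUpdate(verify bool, pub ed25519.PublicKey, pkg UpdatePackage) ([]byte, error) {
	if verify {
		if err := VerifyUpdate(pub, pkg); err != nil {
			return nil, err
		}
	}
	return pkg.Payload, nil
}

func main() {
	// Developer release key, generated here for the demo; in a real client
	// only devPub is embedded at build time.
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	legit := SignUpdate(devPriv, []byte("app v2.0 (constructed sample)"))

	// The MITM swaps in a different file. The attacker can sign it too, but
	// only with a key the client does not trust.
	_, atkPriv, _ := ed25519.GenerateKey(rand.Reader)
	malicious := SignUpdate(atkPriv, []byte("app v2.0 + backdoor (constructed sample)"))

	for _, verify := range []bool{false, true} {
		_, err := InstallUpdate(verify, devPub, malicious)
		fmt.Printf("defense=%v, attacker file: err=%v\n", verify, err)
	}
	_, err := InstallUpdate(true, devPub, legit)
	fmt.Printf("defense=true, developer file: err=%v\n", err)
}
```

Note that a checksum fetched over the same channel as the update would not help here: the attacker who can swap the file can swap the checksum as well. The signature works because the private key is never on the wire, and the public key used to verify it is shipped with the client rather than downloaded alongside the update.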