Spoofing
An attacker could squat on the random port or socket that the server normally uses.
2
We can't find the internet
Attempting to reconnect
Something went wrong!
Hang in there while we get back on track
2
3
Spoofing
An attacker could try one credential after another and there's nothing to slow them down (online or offline).
3
4
Spoofing
An attacker can anonymously connect because we expect authentication to be done at a higher level.
4
5
Spoofing
An attacker can confuse a client because there are too many ways to identify a server.
5
6
Spoofing
An attacker can spoof a server because identifiers aren't stored on the client and checked for consistency on re-connection (that is, there's no key persistence).
6
7
Spoofing
An attacker can connect to a server or peer over a link that isn't authenticated (and encrypted).
7
8
Spoofing
An attacker could steal credentials stored on the server and reuse them (for example, a key is stored in a world readable file).
8
9
Spoofing
An attacker who gets a password can reuse it (use stronger authenticators).
9
10
Spoofing
An attacker can choose to use weaker or no authentication.
10
J
Spoofing
An attacker could steal credentials stored on the client and reuse them.
Q
Spoofing
An attacker could go after the way credentials are updated or recovered (account recovery doesn't require disclosing the old password).
K
Spoofing
Your system ships with a default admin password and doesn't force a change.
A
Spoofing
You've invented a new Spoofing attack.
A
3
Tampering
An attacker can take advantage of your custom key exchange or integrity control which you built instead of using standard crypto.
3
4
Tampering
Your code makes access control decisions all over the place, rather than with a security kernel.
4
5
Tampering
An attacker can replay data without detection because your code doesn't provide timestamps or sequence numbers.
5
6
Tampering
An attacker can write to a data store your code relies on.
6
7
Tampering
An attacker can bypass permissions because you don't make names canonical before checking access permissions.
7
8
Tampering
An attacker can manipulate data because there's no integrity protection or data on the network.
8
9
Tampering
An attacker can provide or control state information.
9
10
Tampering
An attacker can alter information in a data store because it has weak ACLs or includes a group which is equivalent to everyone ("all Live ID holders").
10
J
Tampering
An attacker can write to some resource because permissions are granted to the world or there are no ACLs.
Q
Tampering
An attacker can change parameters over a trust boundary and after validation (for example, important parameters in a hidden field in HTML, or passing a pointer to critical memory).
K
Tampering
An attacker can load code inside your process via an extension point.
A
Tampering
You've invented a new Tampering attack.
A
2
Repudiation
An attacker can pass data through the log to attack a log reader, and there's no documentation of what sorts of validation are done.
2
3
Repudiation
A low privilege attacker can read interesting security information in the logs.
3
4
Repudiation
An attacker can alter files or messages because the digital signature system you're implementing is weak, or uses MACs where it should use a signature.
4
5
Repudiation
An attacker can alter log messages on a network because they lack strong integrity controls.
5
6
Repudiation
An attacker can create a log entry without a timestamp (or no log entry is timestamped).
6
7
Repudiation
An attacker can make the logs wrap around and lose data.
7
8
Repudiation
An attacker can make a log lose or confuse security information.
8
9
Repudiation
An attacker can use a shared key to authenticate as different principals, confusing the information in the logs.
9
10
Repudiation
An attacker can get arbitrary data into logs from unauthenticated (or weak authenticated) outsiders without validation.
10
J
Repudiation
An attacker can edit logs and there's no way to tell (perhaps because there's no heartbeat option for the logging system).
Q
Repudiation
An attacker can say "I didn't do that," and you would have no way to prove them wrong.
K
Repudiation
The system has no logs.
A
Repudiation
You've invented a new Repudiation attack.
A
2
Information Disclosure
An attacker can brute-force file encryption because there's no defense in place (example defense: password stretching).
2
3
Information Disclosure
An attacker can see error messages with security-sensitive content.
3
4
Information Disclosure
An attacker can read content because messages (for example, an email or HTTP cookie) aren't encrypted even if the channel is encrypted.
4
5
Information Disclosure
An attacker may be able to read a document or data because it's encrypted with a non-standard algorithm.
5
6
Information Disclosure
An attacker can read data because it's hidden or occluded (for undo or change tracking) and the user might forget that it's there.
6
7
Information Disclosure
An attacker can act as a 'man in the middle' because you don't authenticate endpoints of a network connection.
7
8
Information Disclosure
An attacker can access information through a search indexer, logger, or other such mechanism.
8
9
Information Disclosure
An attacker can read sensitive information in a file with bad ACLs.
9
10
Information Disclosure
An attacker can read information in files with no ACLs.
10
J
Information Disclosure
An attacker can discover the fixed key being used to encrypt.
Q
Information Disclosure
An attacker can read network information because there's no cryptography used.
K
Information Disclosure
An attacker can read the entire channel because the channel (for example, HTTP or SMTP) isn't encrypted.
A
Information Disclosure
You've invented a new Information Disclosure attack.
A
2
Denial of Service
An attacker can make your authentication system unusable or unavailable.
2
3
Denial of Service
An attacker can make a client unavailable or unusable but the problem goes away when the attacker stops (client, authenticated, temporary).
3
4
Denial of Service
An attacker can make a client unavailable or unusable but the problem goes away when the attacker stops (client, authenticated, temporary).
4
5
Denial of Service
An attacker can make a client unavailable or unusable without ever authenticating, but the problem goes away when the attacker stops (client, anonymous, temporary).
5
6
Denial of Service
An attacker can make a server unavailable or unusable without ever authenticating, but the problem goes away when the attacker stops (server, anonymous, temporary).
6
7
Denial of Service
An attacker can make a client unavailable or unusable and the problem persists after the attacker goes away (client, authenticated, persistent).
7
8
Denial of Service
An attacker can make a server unavailable or unusable and the problem persists after the attacker goes away (server, authenticated, persistent).
8
9
Denial of Service
An attacker can make a client unavailable or unusable without ever authenticating, and the problem persists after the attacker goes away (client, anonymous, persistent).
9
10
Denial of Service
An attacker can make a server unavailable or unusable without ever authenticating, and the problem persists after the attacker goes away (server, anonymous, persistent).
10
J
Denial of Service
An attacker can cause the logging subsystem to stop working.
Q
Denial of Service
An attacker can amplify a Denial of Service attack through this component with amplification on the order of 10:1.
K
Denial of Service
An attacker can amplify a Denial of Service attack through this component with amplification on the order of 100:1.
A
Denial of Service
You've invented a new Denial of Service attack.
A
5
Elevation of Privilege
An attacker can force data through different validation paths which give different results.
5
6
Elevation of Privilege
An attacker could take advantage of .NET permissions you ask for, but don't use.
6
7
Elevation of Privilege
An attacker can provide a pointer across a trust boundary, rather than data which can be validated.
7
8
Elevation of Privilege
An attacker can enter data that is checked while still under the attacker's control and used later on the other side of a trust boundary.
8
9
Elevation of Privilege
There's no reasonable way for callers to figure out what validation of tainted data you perform before passing it to them.
9
10
Elevation of Privilege
There's no reasonable way for a caller to figure out what security assumptions you make.
10
J
Elevation of Privilege
An attacker can reflect input back to a user, like cross-site scripting.
Q
Elevation of Privilege
You include user-generated content within your page, possibly including the content of random URLs.
K
Elevation of Privilege
An attacker can inject a command that the system will run at a higher privilege level.
A
Elevation of Privilege
You've invented a new Elevation Of Privilege attack.
A
2
Brian can gather information about the underlying configurations, schemas, logic, code, software, services and infrastructure due to the content of error messages, or poor configuration, or the presence of default installation files or old, test, backup or copies of resources, or exposure of source code
- OWASP SCP
- 69, 107, 108, 109, 136, 137, 153, 156, 158, 162
- OWASP ASVS
- 1.1, 4.5, 8.1, 11.5, 19.1, 19.5
- OWASP AppSensor
- HT1-3
- CAPEC
- 54, 541
- SAFECODE
- 4, 23
3
Robert can input malicious data because the allowed protocol format is not being checked, or duplicates are accepted, or the structure is not being verified, or the individual data elements are not being validated for format, type, range, length and a whitelist of allowed characters or formats
- OWASP SCP
- –
- OWASP ASVS
- 5.1, 5.16, 5.17, 5.18, 5.19, 5.2, 11.1, 11.2
- OWASP AppSensor
- RE7-8, AE4-7, IE2-3, CIE1, CIE3-4, HT1-3
- CAPEC
- 28, 48, 126, 165, 213, 220, 221, 261, 262, 271, 272
- SAFECODE
- 3, 16, 24, 35
4
Dave can input malicious field names or data because it is not being checked within the context of the current user and process
- OWASP SCP
- 8, 10, 183
- OWASP ASVS
- 4.16, 5.16, 5.17, 15.1
- OWASP AppSensor
- RE3-6, AE8-11, SE1, SE3-6, IE2-4, HT1-3
- CAPEC
- 28, 31, 48, 126, 162, 165, 213, 220, 221, 261
- SAFECODE
- 24, 35
5
Jee can bypass the centralized encoding routines since they are not being used everywhere, or the wrong encodings are being used
- OWASP SCP
- 3, 15, 18, 19, 20, 21, 22, 168
- OWASP ASVS
- 1.7, 5.15, 5.21, 5.22, 5.23
- OWASP AppSensor
- –
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
6
Jason can bypass the centralized validation routines since they are not being used on all inputs
- OWASP SCP
- 3, 168
- OWASP ASVS
- 1.7, 5.6, 5.19
- OWASP AppSensor
- IE2-3
- CAPEC
- 28
- SAFECODE
- 3, 16, 24
7
Jan can craft special payloads to foil input validation because the character set is not specified/enforced, or the data is encoded multiple times, or the data is not fully converted into the same format the application uses (e.g. canonicalization) before being validated, or variables are not strongly typed
- OWASP SCP
- 4, 5, 7, 150
- OWASP ASVS
- 5.6, 11.8
- OWASP AppSensor
- IE2-3, EE1-2
- CAPEC
- 28, 153, 165
- SAFECODE
- 3, 16, 24
8
Sarah can bypass the centralized sanitization routines since they are not being used comprehensively
- OWASP SCP
- 15, 169
- OWASP ASVS
- 1.7, 5.21, 5.23
- OWASP AppSensor
- –
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
9
Shamun can bypass input validation or output validation checks because validation failures are not rejected and/or sanitized
- OWASP SCP
- 6, 21, 22, 168
- OWASP ASVS
- 5.3
- OWASP AppSensor
- IE2-3
- CAPEC
- 28
- SAFECODE
- 3, 16, 24
10
Darío can exploit the trust the application places in a source of data (e.g. user-definable data, manipulation of locally stored data, alteration to state data on a client device, lack of verification of identity during data validation such as Darío can pretend to be Colin)
- OWASP SCP
- 2, 19, 92, 95, 180
- OWASP ASVS
- 5.19, 10.6, 16.2, 16.3, 16.4, 16.5, 16.8
- OWASP AppSensor
- IE4, IE5
- CAPEC
- 12, 51, 57, 90, 111, 145, 194, 195, 202, 218, 463
- SAFECODE
- 14
J
Dennis has control over input validation, output validation or output encoding code or routines so they can be bypassed
- OWASP SCP
- 1, 17
- OWASP ASVS
- 5.5, 5.18
- OWASP AppSensor
- RE3, RE4
- CAPEC
- 87, 207, 554
- SAFECODE
- 2, 17
Q
Geoff can inject data into a client or device side interpreter because a parameterised interface is not being used, or has not been implemented correctly, or the data has not been encoded correctly for the context, or there is no restrictive policy on code or data includes
- OWASP SCP
- 10, 15, 16, 19, 20
- OWASP ASVS
- 5.15, 5.22, 5.23, 5.24, 5.25
- OWASP AppSensor
- IE1, RP3
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
K
Gabe can inject data into an server-side interpreter (e.g. SQL, OS commands, Xpath, Server JavaScript, SMTP) because a strongly typed parameterised interface is not being used or has not been implemented correctly
- OWASP SCP
- 15, 19, 20, 21, 22, 167, 180, 204, 211, 212
- OWASP ASVS
- 5.1, 5.11, 5.12, 5.13, 5.14, 5.16, 5.21
- OWASP AppSensor
- CIE1, CIE2
- CAPEC
- 23, 28, 76, 152, 160, 261
- SAFECODE
- 2, 19, 20
A
You have invented a new attack against Data Validation and Encoding
Read more about this topic in OWASP's free Cheat Sheets on Input Validation, XSS Prevention, DOM-based XSS Prevention, SQL Injection Prevention, and Query Parameterization
2
James can undertake authentication functions without the real user ever being aware this has occurred (e.g. attempt to log in, log in with stolen credentials, reset the password)
- OWASP SCP
- 47, 52
- OWASP ASVS
- 2.12, 8.4, 8.1
- OWASP AppSensor
- UT1
- CAPEC
- –
- SAFECODE
- 28
3
Muhammad can obtain a user's password or other secrets such as security questions, by observation during entry, or from a local cache, or from memory, or in transit, or by reading it from some unprotected location, or because it is widely known, or because it never expires, or because the user cannot change her own password
- OWASP SCP
- 36, 37, 40, 43, 48, 51, 119, 139, 140, 146
- OWASP ASVS
- 2.2, 2.17, 2.24, 8.7, 9.1, 9.4, 9.5, 9.9, 9.11
- OWASP AppSensor
- –
- CAPEC
- 37, 546
- SAFECODE
- 28
4
Sebastien can easily identify user names or can enumerate them
- OWASP SCP
- 33, 53
- OWASP ASVS
- 2.18, 2.28
- OWASP AppSensor
- AE1
- CAPEC
- 383
- SAFECODE
- 28
5
Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application
- OWASP SCP
- 54, 175, 178
- OWASP ASVS
- 2.19
- OWASP AppSensor
- AE12, HT3
- CAPEC
- 70
- SAFECODE
- 28
6
Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry, or it does not use an out-of-band delivery method (e.g. post, mobile app, SMS)
- OWASP SCP
- 37, 45, 46, 178
- OWASP ASVS
- 2.22
- OWASP AppSensor
- –
- CAPEC
- 50
- SAFECODE
- 28
7
Cecilia can use brute force and dictionary attacks against one or many accounts without limit, or these attacks are simplified due to insufficient complexity, length, expiration and re-use requirements for passwords
- OWASP SCP
- 33, 38, 39, 41, 50, 53
- OWASP ASVS
- 2.7, 2.2, 2.23, 2.25, 2.27
- OWASP AppSensor
- AE2, AE3
- CAPEC
- 2, 16
- SAFECODE
- 27
8
Kate can bypass authentication because it does not fail secure (i.e. it defaults to allowing unauthenticated access)
- OWASP SCP
- 28
- OWASP ASVS
- 2.6
- OWASP AppSensor
- –
- CAPEC
- 115
- SAFECODE
- 28
9
Claudia can undertake more critical functions because authentication requirements are too weak (e.g. do not use strong authentication such as two factor), or there is no requirement to re-authenticate for these
- OWASP SCP
- 55, 56
- OWASP ASVS
- 2.1, 2.9, 2.26, 2.31, 4.15
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
10
Pravin can bypass authentication controls because a centralized standard, tested, proven and approved authentication module/framework/service, separate to the resource being requested, is not being used
- OWASP SCP
- 25, 26, 27
- OWASP ASVS
- 1.7, 2.3
- OWASP AppSensor
- –
- CAPEC
- 90, 115
- SAFECODE
- 14, 28
J
Mark can access resources or services because there is no authentication requirement, or it was mistakenly assumed authentication would be undertaken by some other system or performed in some previous action
- OWASP SCP
- 23, 32, 34
- OWASP ASVS
- 2.1
- OWASP AppSensor
- –
- CAPEC
- 115
- SAFECODE
- 14, 28
Q
Jaime can bypass authentication because it is not enforced with equal rigor for all types of authentication functionality (e.g. register, password change, password recovery, log out, administration) or across all versions/channels (e.g. mobile website, mobile app, full website, API, call centre)
- OWASP SCP
- 23, 29, 42, 49
- OWASP ASVS
- 2.1, 2.8
- OWASP AppSensor
- –
- CAPEC
- 36, 50, 115, 121, 179
- SAFECODE
- 14, 28
K
Olga can influence or alter authentication code/routines so they can be bypassed
- OWASP SCP
- 24
- OWASP ASVS
- 2.4, 13.2
- OWASP AppSensor
- –
- CAPEC
- 115, 207, 554
- SAFECODE
- 14, 28
A
You have invented a new attack against Authentication
Read more about this topic in OWASP's free Authentication Cheat Sheet
2
William has control over the generation of session identifiers
- OWASP SCP
- 58, 59
- OWASP ASVS
- 3.1
- OWASP AppSensor
- SE2
- CAPEC
- 31, 60, 61
- SAFECODE
- 28
3
Ryan can use a single account in parallel since concurrent sessions are allowed
- OWASP SCP
- 68
- OWASP ASVS
- 3.16, 3.17, 3.18
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 28
4
Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently
- OWASP SCP
- 59, 61
- OWASP ASVS
- 3.12
- OWASP AppSensor
- SE2
- CAPEC
- 31, 61
- SAFECODE
- 28
5
John can predict or guess session identifiers because they are not changed when the user's role alters (e.g. pre and post authentication) and when switching between non-encrypted and encrypted communications, or are not sufficiently long and random, or are not changed periodically
- OWASP SCP
- 60, 62, 66, 67, 71, 72
- OWASP ASVS
- 3.2, 3.7, 3.11
- OWASP AppSensor
- SE4-6
- CAPEC
- 31
- SAFECODE
- 28
6
Gary can take over a user's session because there is a long or no inactivity timeout, or a long or no overall session time limit, or the same session can be used from more than one device/location
- OWASP SCP
- 64, 65
- OWASP ASVS
- 3.3, 3.4, 3.16, 3.17, 3.18
- OWASP AppSensor
- SE5, SE6
- CAPEC
- 21
- SAFECODE
- 28
7
Casey can utilize Adam's session after he has finished, because there is no log out function, or he cannot easily log out, or log out does not properly terminate the session
- OWASP SCP
- 62, 63
- OWASP ASVS
- 3.2, 3.5
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 28
8
Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed
- OWASP SCP
- 96
- OWASP ASVS
- –
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 28
9
Ivan can steal session identifiers because they are sent over insecure channels, or are logged, or are revealed in error messages, or are included in URLs, or are accessible un-necessarily by code which the attacker can influence or alter
- OWASP SCP
- 69, 75, 76, 119, 138
- OWASP ASVS
- 3.6, 8.7, 10.3
- OWASP AppSensor
- SE4-6
- CAPEC
- 31, 60
- SAFECODE
- 28
10
Marce can forge requests because per-session, or per-request for more critical actions, strong random tokens (i.e. anti-CSRF tokens) or similar are not being used for actions that change state
- OWASP SCP
- 73, 74
- OWASP ASVS
- 4.13
- OWASP AppSensor
- IE4
- CAPEC
- 62, 111
- SAFECODE
- 18
J
Jeff can resend an identical repeat interaction (e.g. HTTP request, signal, button press) and it is accepted, not rejected
- OWASP SCP
- –
- OWASP ASVS
- 15.1, 15.2
- OWASP AppSensor
- IE5
- CAPEC
- 60
- SAFECODE
- 12, 14
Q
Salim can bypass session management because it is not applied comprehensively and consistently across the application
- OWASP SCP
- 58
- OWASP ASVS
- 3.1
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
K
Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module
- OWASP SCP
- 58, 60
- OWASP ASVS
- 1.7
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
A
You have invented a new attack against Session Management
Read more about this topic in OWASP's free Cheat Sheets on Session Management, and Cross Site Request Forgery (CSRF) Prevention
2
Kyun can access data because it has been obfuscated rather than using an approved cryptographic function
- OWASP SCP
- 105, 133, 135
- OWASP ASVS
- –
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 21, 29
3
Axel can modify transient or permanent data (stored or in transit), or source code, or updates/patches, or configuration data, because it is not subject to integrity checking
- OWASP SCP
- 92, 205, 212
- OWASP ASVS
- 8.11, 11.7, 13.2, 19.5, 19.6, 19.7, 19.8
- OWASP AppSensor
- SE1, IE4
- CAPEC
- 31, 39, 68, 75, 133, 145, 162, 203, 438, 439, 442
- SAFECODE
- 12, 14
4
Paulo can access data in transit that is not encrypted, even though the channel is encrypted
- OWASP SCP
- 37, 88, 143, 214
- OWASP ASVS
- 7.12, 9.2
- OWASP AppSensor
- –
- CAPEC
- 185, 186, 187
- SAFECODE
- 14, 29, 30
5
Kyle can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected)
- OWASP SCP
- 103, 145
- OWASP ASVS
- 7.2, 10.3
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 21, 29
6
Romain can read and modify unencrypted data in memory or in transit (e.g. cryptographic secrets, credentials, session identifiers, personal and commercially-sensitive data), in use or in communications within the application, or between the application and users, or between the application and external systems
- OWASP SCP
- 36, 37, 143, 146, 147
- OWASP ASVS
- 2.16, 9.2, 9.11, 10.3, 19.2
- OWASP AppSensor
- –
- CAPEC
- 31, 57, 102, 157, 158, 384, 466, 546
- SAFECODE
- 29
7
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication
- OWASP SCP
- 75, 144, 145, 148
- OWASP ASVS
- 10.1, 10.5, 10.1, 10.11, 10.12, 10.13, 10.14
- OWASP AppSensor
- IE4
- CAPEC
- 31, 216
- SAFECODE
- 14, 29, 30
8
Eoin can access stored business data (e.g. passwords, session identifiers, PII, cardholder data) because it is not securely encrypted or securely hashed
- OWASP SCP
- 30, 31, 70, 133, 135
- OWASP ASVS
- 2.13, 7.7, 7.8, 9.2
- OWASP AppSensor
- –
- CAPEC
- 31, 37, 55
- SAFECODE
- 21, 29, 31
9
Andy can bypass random number generation, random GUID generation, hashing and encryption functions because they have been self-built and/or are weak
- OWASP SCP
- 60, 104, 105
- OWASP ASVS
- 7.6, 7.7, 7.8, 7.15
- OWASP AppSensor
- –
- CAPEC
- 97
- SAFECODE
- 14, 21, 29, 32, 33
10
Susanna can break the cryptography in use because it is not strong enough for the degree of protection required, or it is not strong enough for the amount of effort the attacker is willing to make
- OWASP SCP
- 104, 105
- OWASP ASVS
- –
- OWASP AppSensor
- –
- CAPEC
- 97, 463
- SAFECODE
- 14, 21, 29, 31, 32, 33
J
Justin can read credentials for accessing internal or external resources, services and others systems because they are stored in an unencrypted format, or saved in the source code
- OWASP SCP
- 35, 90, 171, 172
- OWASP ASVS
- 2.29
- OWASP AppSensor
- –
- CAPEC
- 116
- SAFECODE
- 21, 29
Q
Randolph can access or predict the master cryptographic secrets
- OWASP SCP
- 35, 102
- OWASP ASVS
- 7.8, 7.9, 7.11, 7.13, 7.14
- OWASP AppSensor
- –
- CAPEC
- 116, 117
- SAFECODE
- 21, 29
K
Dan can influence or alter cryptography code/routines (encryption, hashing, digital signatures, random number and GUID generation) and can therefore bypass them
- OWASP SCP
- 31, 101
- OWASP ASVS
- 7.11
- OWASP AppSensor
- –
- CAPEC
- 207, 554
- SAFECODE
- 14, 21, 29
A
You have invented a new attack against Cryptography
Read more about this topic in OWASP's free Cheat Sheets on Cryptographic Storage, and Transport Layer Protection
2
Lee can bypass application controls because dangerous/risky programming language functions have been used instead of safer alternatives, or there are type conversion errors, or because the application is unreliable when an external resource is unavailable, or there are race conditions, or there are resource initialization or allocation issues, or overflows can occur
- OWASP SCP
- 194, 195, 196, 197, 198, 199, 200, 201, 202, 205, 206, 207, 208, 209
- OWASP ASVS
- 5.1
- OWASP AppSensor
- –
- CAPEC
- 25, 26, 29, 96, 123, 124, 128, 129, 264, 265
- SAFECODE
- 3, 5, 6, 7, 9, 22, 25, 26, 34
3
Andrew can access source code, or decompile, or otherwise access business logic to understand how the application works and any secrets contained
- OWASP SCP
- 134
- OWASP ASVS
- 19.5
- OWASP AppSensor
- –
- CAPEC
- 189, 207
- SAFECODE
- –
4
Keith can perform an action and it is not possible to attribute it to him
- OWASP SCP
- 23, 32, 34, 42, 51, 181
- OWASP ASVS
- 8.1
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- –
5
Larry can influence the trust other parties including users have in the application, or abuse that trust elsewhere (e.g. in another application)
- OWASP SCP
- –
- OWASP ASVS
- –
- OWASP AppSensor
- –
- CAPEC
- 89, 103, 181, 459
- SAFECODE
- –
6
Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system
- OWASP SCP
- 109, 110, 111, 112, 155
- OWASP ASVS
- 8.2, 8.4
- OWASP AppSensor
- –
- CAPEC
- 54, 98, 164
- SAFECODE
- 4, 11, 23
7
Mwengu's actions cannot be investigated because there is not an adequate accurately time-stamped record of security events, or there is not a full audit trail, or these can be altered or deleted by Mwengu, or there is no centralized logging service
- OWASP SCP
- 113, 114, 115, 117, 118, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130
- OWASP ASVS
- 2.12, 8.3, 8.4, 8.5, 8.6, 8.7, 8.8, 8.9, 8.1, 8.11, 8.12, 9.1, 10.4
- OWASP AppSensor
- –
- CAPEC
- 93
- SAFECODE
- 4
8
David can bypass the application to gain access to data because the network and host infrastructure, and supporting services/applications, have not been securely configured, the configuration rechecked periodically and security patches applied, or the data is stored locally, or the data is not physically protected
- OWASP SCP
- 151, 152, 156, 160, 161, 173, 174, 175, 176, 177
- OWASP ASVS
- 19.1, 19.4, 19.6, 19.7, 19.8
- OWASP AppSensor
- RE1, RE2
- CAPEC
- 37, 220, 310, 436, 536
- SAFECODE
- –
9
Michael can bypass the application to gain access to data because administrative tools or administrative interfaces are not secured adequately
- OWASP SCP
- 23, 29, 56, 81, 82, 84, 85, 86, 87, 88, 89, 90
- OWASP ASVS
- 2.1, 2.32
- OWASP AppSensor
- –
- CAPEC
- 122, 233
- SAFECODE
- –
10
Xavier can circumvent the application's controls because code frameworks, libraries and components contain malicious code or vulnerabilities (e.g. in-house, commercial off the shelf, outsourced, open source, externally-located)
- OWASP SCP
- 57, 151, 152, 204, 205, 213, 214
- OWASP ASVS
- 1.11
- OWASP AppSensor
- –
- CAPEC
- 68, 438, 439, 442, 524, 538
- SAFECODE
- 15
J
Roman can exploit the application because it was compiled using out-of-date tools, or its configuration is not secure by default, or security information was not documented and passed on to operational teams
- OWASP SCP
- 90, 137, 148, 151, 152, 153, 154, 175, 176, 177, 178, 179, 186, 192
- OWASP ASVS
- 19.5, 19.9
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 4
Q
Jim can undertake malicious, non-normal, actions without real-time detection and response by the application
- OWASP SCP
- –
- OWASP ASVS
- 4.14, 9.8, 15.1, 15.2
- OWASP AppSensor
- (All)
- CAPEC
- –
- SAFECODE
- 1, 27
K
Gareth can utilize the application to deny service to some or all of its users
- OWASP SCP
- 41, 55
- OWASP ASVS
- –
- OWASP AppSensor
- UT1-4, STE3
- CAPEC
- 2, 25, 119, 125
- SAFECODE
- 1
A
You have invented a new attack of any type
Read more about application security in OWASP's free Guides on Requirements, Development, Code Review and Testing, the Cheat Sheet series, and the Open Software Assurance Maturity Model
Joker
Alice can utilize the application to attack users' systems and data
Have you thought about becoming an individual OWASP member? All tools, guidance and local meetings are free for everyone, but individual membership helps support OWASP's work
Joker
Bob can influence, alter or affect the application so that it no longer complies with legal, regulatory, contractual or other organizational mandates
Examine vulnerabilities and discover how they can be fixed using training applications in the free OWASP Broken Web Applications VM, or using the online challenges in the free Hacking Lab
2
Andrew can expose sensitive data through the app's auto-generated screenshots when the app moves to the background
- OWASP MASVS
- PLATFORM-3
- OWASP MASTG
- TEST-0010, TEST-0059
- CAPEC
- 37, 155, 498, 648
- SAFECODE
- -
3
Harold can spy sensitive data being entered through the user interface because the data is excessive, not properly masked or cleaned up after use
- OWASP MASVS
- PLATFORM-3
- OWASP MASTG
- TEST-0008, TEST-0037, TEST-0057
- CAPEC
- 508
- SAFECODE
- -
4
Kelly can expose sensitive data by taking advantage of the app's excessive permissions connected to the app's use of location, camera, microphone, storage, etc
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0024, TEST-0069
- CAPEC
- 634, 651
- SAFECODE
- 11
5
Jason can provoke memory leak or corruption because the app has cyclic dependencies, manages pointers inadequately, keeps an incorrect reference count, does not release shared resources or apply stack protection
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0043, TEST-0044, TEST-0086
- CAPEC
- 14, 24, 44, 45, 46, 47, 92, 100, 124, 128, 129, 131, 679
- SAFECODE
- 7, 9, 34, 36
6
Dawn can expose and intercept sensitive functionality through interprocess communication because permissions for broadcast and sharing are not set, not narrow enough or appropriately excluded when sharing
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0029, TEST-0030, TEST-0071
- CAPEC
- 94, 117, 499, 502, 504
- SAFECODE
- 8, 10, 11
7
Lauren can traverse or modify otherwise protected files through access to the underlying file system by exploiting weaknesses in file system-based content providers, resolvers or its configuration
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0007, TEST-0056
- CAPEC
- 126, 127, 139, 597, 643
- SAFECODE
- 16, 33
8
Colin can expose sensitive data through the app's interprocess communication because the content provider's query methods are not properly parameterized and arguments sanitized
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0007, TEST-0056
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
9
Toby can modify or expose data by injection because the response from implicit intents is not properly validated
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0026
- CAPEC
- 497, 499, 502
- SAFECODE
- 17
10
Max can modify or expose data because input validation and sanitation are not properly applied to interprocess communication or because extensions are not properly restricted
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0025, TEST-0072
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
J
Johan can modify or expose sensitive data by exploiting weaknesses in the SDK or third party libraries because updates to the app and platform are not enforced or do not patch known software vulnerabilities
- OWASP MASVS
- CODE-1, CODE-2, CODE-3
- OWASP MASTG
- TEST-0036, TEST-0042, TEST-0080, TEST-0085
- CAPEC
- 310, 538, 691
- SAFECODE
- -
Q
Xavier can inject scripts into the web view because it allows embedding content using deep linking without proper authorization and validation of the host, schema and path of the target as these can be changed by the user or because safe browsing is disabled
- OWASP MASVS
- PLATFORM-1, PLATFORM-2
- OWASP MASTG
- TEST-0027, TEST-0028, TEST-0031, TEST-0070, TEST-0076, TEST-0077
- CAPEC
- 175, 240, 242, 500, 591, 592
- SAFECODE
- 17
K
Grant can modify or expose data by influencing or altering JavaScript bridges, extensions or interprocess communication (e.g. shared memory, message passing, pipes, sockets)
- OWASP MASVS
- PLATFORM-1, PLATFORM-2
- OWASP MASTG
- TEST-0007, TEST-0030, TEST-0033, TEST-0056, TEST-0072, TEST-0078
- CAPEC
- 137, 138, 499, 502, 586
- SAFECODE
- -
A
You have invented a new attack against “Platform and Code”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Code Quality” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Matt can inspect sensitive application log data because logging statements have not been removed or reviewed as safe before the production release
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0003, TEST-0053
- CAPEC
- 155
- SAFECODE
- 11, 23, 29
3
Bil can access sensitive data for sensitive fields from the pasteboard/clipboard or keyboard cache because the pasteboard/clipboard is not timely cleared, disabled or restricted for sensitive fields, or the keyboard cache is not disabled
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0006, TEST-0055, TEST-0073
- CAPEC
- 204, 637, 679
- SAFECODE
- -
4
Ricardo can extract data stored by the app on a stolen or decommissioned device because it does not enforce device access security policies (e.g. PIN protected locking, app-/os-version, USB debug deactivation, device encryption and rooting)
- OWASP MASVS
- STORAGE-1
- OWASP MASTG
- TEST-0012
- CAPEC
- 406, 675
- SAFECODE
- -
5
Kevin can read sensitive data mapped to user accounts or sessions by extracting data sent through third-party libraries and/or notifications sent between the app and embedded services (e.g. logs, notifications, backups, cache, local db)
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0004, TEST-0005, TEST-0054
- CAPEC
- 155, 161, 204, 220, 639, 643
- SAFECODE
- 11, 23, 29
6
Sam can dump sensitive data from memory because the data is not stored as primitive data types and overwritten with random data after use or because the app's input fields use insecure SDKs to store the data in RAM
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0011, TEST-0060
- CAPEC
- 679
- SAFECODE
- -
7
Steve can access sensitive data by reading backups and/or local, internal/external storage
- OWASP MASVS
- STORAGE-1, STORAGE-2
- OWASP MASTG
- TEST-0001, TEST-0003, TEST-0009, TEST-0052, TEST-0053, TEST-0058
- CAPEC
- 37, 155, 204, 639, 643
- SAFECODE
- 11, 23, 29
8
Martin can modify or expose sensitive data through unsafe reflection when reading data from public data storage (e.g. shared preferences) because the data is not validated before being read by the app
- OWASP MASVS
- STORAGE-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 176
- SAFECODE
- -
9
Adrian can compromise the app communication through a proxy because the app does not make use of certificate pinning or implements it incorrectly
- OWASP MASVS
- NETWORK-2
- OWASP MASTG
- TEST-0022, TEST-0068
- CAPEC
- 57, 94, 156, 465, 466, 479, 701
- SAFECODE
- 14, 30
10
Maarten can compromise the communication between the app and the external services because the app does not verify TLS certificates and -chains, trust insecure sources, lack hostname verification or ignore TLS verification issues
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0019, TEST-0021, TEST-0065, TEST-0067
- CAPEC
- 57, 94, 156, 465, 466, 479, 701
- SAFECODE
- 14, 29, 30
J
Nihel can compromise the communication as it may fall back to an insecure or unencrypted channel, because encryption is optional, or because of client-server protocol or security provider weaknesses
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0020, TEST-0023, TEST-0066
- CAPEC
- 57, 94, 156, 220, 459, 465, 466
- SAFECODE
- 12, 14, 29, 30
Q
Ahmed can read and modify data in transit because the communication is transmitted over an unencrypted channel
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0019, TEST-0065
- CAPEC
- 31, 36, 57, 102, 157, 158, 384, 466
- SAFECODE
- 29, 30
K
Taher can intercept, extract or modify sensitive data at rest or in transit by influencing or altering methods for transferring or storing data at rest or in transit
- OWASP MASVS
- STORAGE-1
- OWASP MASTG
- TEST-0001, TEST-0052
- CAPEC
- 75, 76, 113, 153, 161, 165, 176, 190, 207, 210, 554, 562
- SAFECODE
- 12, 19
A
You have invented a new attack against “Network & Storage”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Network Communication” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Sebastien can disclose sensitive data because the application is set up to log debug information at runtime
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0041, TEST-0084
- CAPEC
- 37, 167, 191
- SAFECODE
- -
3
Tobias can disclose sensitive data by dumping debug symbols while the application is running
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0040, TEST-0083
- CAPEC
- 37, 167, 191
- SAFECODE
- -
4
Timur can change the code of the production release because the code of the application has not been properly signed using a valid production certificate
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0038, TEST-0081
- CAPEC
- 68, 167, 206, 476
- SAFECODE
- 14
5
Matteo can bypass access controls and trigger functionality because debugging is left enabled in the production build
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0039, TEST-0082
- CAPEC
- 115, 167, 554
- SAFECODE
- -
6
Joren can bypass access controls because the anti-debugging controls aren't strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0046, TEST-0089
- CAPEC
- 115, 167, 554
- SAFECODE
- -
7
Erlend can compromise the app by running it in an emulator because the prevention against emulators are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-1
- OWASP MASTG
- TEST-0049, TEST-0092
- CAPEC
- 189, 554
- SAFECODE
- -
8
Carlos can reverse engineer the app because the prevention against the use of anti reverse engineering tools are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0048, TEST-0091
- CAPEC
- 167, 554
- SAFECODE
- -
9
Sean can reverse engineer the app because the code obfuscation is not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0051, TEST-0093
- CAPEC
- 167, 554
- SAFECODE
- -
10
Juan can bypass jailbreak and root detection and execute administrative functions to bypass integrity checks and access controls and trigger app functionality
- OWASP MASVS
- RESILIENCE-1
- OWASP MASTG
- TEST-0045, TEST-0088
- CAPEC
- 167, 660, 661
- SAFECODE
- -
J
Pekka can compromise the integrity of the storage because the file integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0047, TEST-0090
- CAPEC
- 23, 165, 167
- SAFECODE
- -
Q
Titus can patch out critical functionality because the runtime integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0050
- CAPEC
- 167, 554
- SAFECODE
- -
K
Sherif can influence or alter controls against reverse engineering and runtime protection and can therefore bypass them
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0046, TEST-0089
- CAPEC
- 167, 554
- SAFECODE
- -
A
You have invented a new attack against Authorization
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Tampering and Reverse Engineering” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Lesego can compromise cryptographic operations and resources because keys are reused for multiple purposes, or not used according to the purpose for which they were created
- OWASP MASVS
- CRYPTO-2
- OWASP MASTG
- TEST-0015, TEST-0062
- CAPEC
- 97, 116, 117
- SAFECODE
- 14, 29
3
Emery can access data because it has been obfuscated rather than using an approved cryptographic function
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 37, 204
- SAFECODE
- 21, 29
4
Enselme can modify sensitive data (stored or in transit) because it is not subject to integrity checking
- OWASP MASVS
- CRYPTO-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 68, 75, 145, 438, 439, 442
- SAFECODE
- 12, 14
5
Orace can predict the seed value used for generating cryptographic keys thereby compromising the cryptographic key
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0016, TEST-0063
- CAPEC
- 20, 112, 485
- SAFECODE
- 29, 33
6
Kouti can extract sensitive data because the cryptographic key, used, is hard-coded or stored insecurely such as in local, internal/external storage
- OWASP MASVS
- STORAGE-1, CRYPTO-1, CRYPTO-2
- OWASP MASTG
- TEST-0001, TEST-0013, TEST-0052, TEST-0062
- CAPEC
- 37, 117, 155, 191, 204
- SAFECODE
- 21, 29
7
Ramsey can access stored sensitive data because it is not securely encrypted
- OWASP MASVS
- STORAGE-1, CRYPTO-2
- OWASP MASTG
- TEST-0001, TEST-0013, TEST-0052, TEST-0062
- CAPEC
- 37, 117, 155, 191, 204
- SAFECODE
- 21, 29, 31
8
Adel can predict and use the app's cryptographic keys because they are insufficiently long and random, can be enumerated, or derived from known values
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0013, TEST-0016, TEST-0063
- CAPEC
- 20, 55, 112, 485
- SAFECODE
- 21, 29, 32, 33
9
Fady can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected)
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014
- CAPEC
- 97, 620
- SAFECODE
- 21, 29
10
Ash can break the cryptography because it is not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 20, 116, 117, 97, 112, 485
- SAFECODE
- 14, 23, 29, 31, 32, 33
J
Hassan can extract or modify sensitive data because functions for storage and/or encryption are weak, deprecated or used incorrectly
- OWASP MASVS
- CRYPTO-1, STORAGE-1
- OWASP MASTG
- TEST-0001, TEST-0014, TEST-0052, TEST-0061
- CAPEC
- 210, 212
- SAFECODE
- 15
Q
Simon can bypass hashing and encryption functions because they are custom and/or inadequately implemented
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 20, 116, 117, 97, 112, 485
- SAFECODE
- 14, 21, 29, 32, 33
K
Tarik can influence or alter cryptographic operations and can therefore bypass them
- OWASP MASVS
- CRYPTO-1, CRYPTO-2
- OWASP MASTG
- TEST-0014, TEST-0061, TEST-0062
- CAPEC
- 54, 97, 116, 117, 220
- SAFECODE
- 14, 21, 29
A
You have invented a new attack against “Cryptography”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Cryptography” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Garth can reduce app users' privacy because the app is not transparent about the app's data collection and usage in a concise, easily accessible and understandable way
- OWASP MASVS
- PRIVACY-3
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
3
Elsa can reduce app users' privacy because the app does not allow for the user to easily manage, delete and modify their data, change privacy settings and re-prompt for consent when more data is required
- OWASP MASVS
- PRIVACY-4
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
4
Elizabeth can reduce app users' privacy because the app sends too much personal data without the user's consent to downstream services that are outside the user's control
- OWASP MASVS
- PRIVACY-1
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
5
Debarghaya can reduce app users' privacy because the app repurpose personal information (e.g. device IDs, IP addresses, behavioral patterns) collected for security concerns in order to cater for commercial interests without consent
- OWASP MASVS
- PRIVACY-4
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
6
Kim can reduce app users' privacy because the app repurpose biometric information (e.g. fingerprints, facial recognition data, etc.) collected for security concerns in order to cater for commercial interests
- OWASP MASVS
- PRIVACY-2
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
7
Gastón can execute malicious actions through intent redirection because the intent is not properly sanitized and immutable
- OWASP MASVS
- CODE-4, PLATFORM-1
- OWASP MASTG
- TEST-0025, TEST-0030, TEST-0072
- CAPEC
- 499, 502
- SAFECODE
- -
8
Roxana can do arbitrary file overwrites and potentially execute malicious code through path traversal because the target path and directory is not appropriately validated
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- -
- CAPEC
- 126
- SAFECODE
- 16
9
Alessandro can exploit the app by taking advantage of buffer overflows and memory leaks to write foreign code within the mobile code's address space
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0043, TEST-0086
- CAPEC
- 92, 100
- SAFECODE
- 3, 6, 36
10
Carlos can use the application's notification services to launch phishing campaigns because notifications are not sanitized and validated according to best practices
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0025, TEST-0072
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
J
Luis can influence or alter cryptographic methods to corrupt other users' data because the integrity of the encrypted data is not verified before being shared with external services
- OWASP MASVS
- CRYPTO-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 23, 165, 442
- SAFECODE
- -
Q
Victor can patch the app and use it to distribute malicious code because the runtime integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0050
- CAPEC
- 167, 202, 554
- SAFECODE
- -
K
Ruben can use the app, without modifications, to spread malicious code because methods for transfer and storage do not perform proper data sanitization and validation
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0047, TEST-0090
- CAPEC
- 17, 23, 165, 167, 636
- SAFECODE
- -
A
You have invented a new attack of any type
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App User Privacy Protection” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
Joker
Mallory can influence, alter or affect the app so that it no longer complies with legal, regulatory, contractual or other mandates
Have you thought about becoming an individual OWASP member? All tools, guidance and local meetings are free for everyone, but individual membership helps support OWASP's work
Joker
Bob can use the app installed on Alice's device maliciously to surveil, spy on, eavesdrop, control remotely, track or otherwise monitor Alice, without consent and/or notification
Examine vulnerabilities and discover how they can be fixed using free MASTG reference applications on the OWASP MAS website
2
Brian can gather information about the underlying configurations, schemas, logic, code, software, services and infrastructure due to the content of error messages, or poor configuration, or the presence of default installation files or old, test, backup or copies of resources, or exposure of source code
- OWASP SCP
- 69, 107-109, 136, 137, 153, 156, 158, 162
- OWASP ASVS
- 1.6.4, 2.10.4, 4.3.2, 7.1.1, 10.2.3, 14.1.1, 14.2.2, 14.3.3
- OWASP AppSensor
- HT1-3
- CAPEC
- 54, 541
- SAFECODE
- 4, 23
3
Robert can input malicious data because the allowed protocol format is not being checked, or duplicates are accepted, or the structure is not being verified, or the individual data elements are not being validated for format, type, range, length and a whitelist of allowed characters or formats
- OWASP SCP
- –
- OWASP ASVS
- 1.5.3, 5.1.1-4, 13.2.1, 14.1.2, 14.4.1
- OWASP AppSensor
- RE7-8, AE4-7, IE2-3, CIE1, CIE3-4, HT1-3
- CAPEC
- 28, 48, 126, 165, 213, 220, 221, 261, 262, 271, 272
- SAFECODE
- 3, 16, 24, 35
4
Dave can input malicious field names or data because it is not being checked within the context of the current user and process
- OWASP SCP
- 8, 10, 183
- OWASP ASVS
- 4.2.1, 5.1.1, 5.1.2, 11.1.1, 11.1.2
- OWASP AppSensor
- RE3-6, AE8-11, SE1, SE3-6, IE2-4, HT1-3
- CAPEC
- 28, 31, 48, 126, 162, 165, 213, 220, 221, 261
- SAFECODE
- 24, 35
5
Jee can bypass the centralized encoding routines since they are not being used everywhere, or the wrong encodings are being used
- OWASP SCP
- 3, 15, 18-22, 168
- OWASP ASVS
- 1.1.6, 5.3.3, 5.2.1, 5.2.2, 5.2.5
- OWASP AppSensor
- –
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
6
Jason can bypass the centralized validation routines since they are not being used on all inputs
- OWASP SCP
- 3, 168
- OWASP ASVS
- 1.1.6, 1.5.3, 5.1.3, 13.2.2, 13.2.5
- OWASP AppSensor
- IE2, IE3
- CAPEC
- 28
- SAFECODE
- 3, 16, 24
7
Jan can craft special payloads to foil input validation because the character set is not specified/enforced, or the data is encoded multiple times, or the data is not fully converted into the same format the application uses (e.g. canonicalization) before being validated, or variables are not strongly typed
- OWASP SCP
- 4, 5, 7, 150
- OWASP ASVS
- 1.5.3, 13.2.2, 13.2.5
- OWASP AppSensor
- IE2, IE3, EE1, EE2
- CAPEC
- 28, 153, 165
- SAFECODE
- 3, 16, 24
8
Oana can bypass the centralized sanitization routines since they are not being used comprehensively
- OWASP SCP
- 15, 169
- OWASP ASVS
- 1.1.6, 5.2.2, 5.2.5
- OWASP AppSensor
- –
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
9
Shamun can bypass input validation or output validation checks because validation failures are not rejected and/or sanitized
- OWASP SCP
- 6, 21, 22, 168
- OWASP ASVS
- 7.1.3
- OWASP AppSensor
- IE2, IE3
- CAPEC
- 28
- SAFECODE
- 3, 16, 24
10
Darío can exploit the trust the application places in a source of data (e.g. user-definable data, manipulation of locally stored data, alteration to state data on a client device, lack of verification of identity during data validation such as Darío can pretend to be Colin)
- OWASP SCP
- 2, 19, 92, 95, 180
- OWASP ASVS
- 1.12.2, 5.1.3, 9.2.3, 12.2.1, 12.3.1-3, 12.4.2, 12.5.2, 14.5.3
- OWASP AppSensor
- IE4, IE5
- CAPEC
- 12, 51, 57, 90, 111, 145, 194, 195, 202, 218, 463
- SAFECODE
- 14
J
Toby has control over input validation, output validation or output encoding code or routines so they can be bypassed
- OWASP SCP
- 1, 17
- OWASP ASVS
- 1.5.3
- OWASP AppSensor
- RE3, RE4
- CAPEC
- 87, 207, 554
- SAFECODE
- 2, 17
Q
Xavier can inject data into a client or device side interpreter because a parameterised interface is not being used, or has not been implemented correctly, or the data has not been encoded correctly for the context, or there is no restrictive policy on code or data includes
- OWASP SCP
- 10, 15, 16, 19, 20
- OWASP ASVS
- 5.2.1, 5.2.5, 5.3.3, 5.5.4
- OWASP AppSensor
- IE1, RP3
- CAPEC
- 28, 31, 152, 160, 468
- SAFECODE
- 2, 17
K
Gabe can inject data into an server-side interpreter (e.g. SQL, OS commands, Xpath, Server JavaScript, SMTP) because a strongly typed parameterised interface is not being used or has not been implemented correctly
- OWASP SCP
- 15, 19-22, 167, 180, 204, 211, 212
- OWASP ASVS
- 5.2.1, 5.2.2, 5.3.4, 5.3.7-10
- OWASP AppSensor
- CIE1, CIE2
- CAPEC
- 23, 28, 76, 152, 160, 261
- SAFECODE
- 2, 19, 20
A
You have invented a new attack against Data Validation and Encoding
Read more about this topic in OWASP's free Cheat Sheets on Input Validation, XSS Prevention, DOM-based XSS Prevention, SQL Injection Prevention, and Query Parameterization
2
James can undertake authentication functions without the real user ever being aware this has occurred (e.g. attempt to log in, log in with stolen credentials, reset the password)
- OWASP SCP
- 47, 52
- OWASP ASVS
- 2.5.2, 7.1.2, 7.1.4, 7.2.1, 8.2.1, 8.2.2, 8.2.3, 8.3.6
- OWASP AppSensor
- UT1
- CAPEC
- –
- SAFECODE
- 28
3
Muhammad can obtain a user's password or other secrets such as security questions, by observation during entry, or from a local cache, or from memory, or in transit, or by reading it from some unprotected location, or because it is widely known, or because it never expires, or because the user cannot change her own password
- OWASP SCP
- 36, 37, 40, 43, 48, 51, 119, 139, 140, 146
- OWASP ASVS
- 2.5.2, 2.5.3
- OWASP AppSensor
- –
- CAPEC
- 37, 546
- SAFECODE
- 28
4
Sebastien can easily identify user names or can enumerate them
- OWASP SCP
- 33, 53
- OWASP ASVS
- 2.2.1, 4.1.5
- OWASP AppSensor
- AE1
- CAPEC
- 383
- SAFECODE
- 28
5
Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application
- OWASP SCP
- 54, 175, 178
- OWASP ASVS
- 4.1.5
- OWASP AppSensor
- AE12, HT3
- CAPEC
- 70
- SAFECODE
- 28
6
Sven can reuse a temporary password because the user does not have to change it on first use, or it has too long or no expiry, or it does not use an out-of-band delivery method (e.g. post, mobile app, SMS)
- OWASP SCP
- 37, 45, 46, 178
- OWASP ASVS
- 2.5.6
- OWASP AppSensor
- –
- CAPEC
- 50
- SAFECODE
- 28
7
Cecilia can use brute force and dictionary attacks against one or many accounts without limit, or these attacks are simplified due to insufficient complexity, length, expiration and re-use requirements for passwords
- OWASP SCP
- 33, 38, 39, 41, 50, 53
- OWASP ASVS
- 2.1.2, 2.1.7, 2.1.10, 2.2.1
- OWASP AppSensor
- AE2, AE3
- CAPEC
- 2, 16
- SAFECODE
- 27
8
Kate can bypass authentication because it does not fail secure (i.e. it defaults to allowing unauthenticated access)
- OWASP SCP
- 28
- OWASP ASVS
- 4.1.5
- OWASP AppSensor
- –
- CAPEC
- 115
- SAFECODE
- 28
9
Claudia can undertake more critical functions because authentication requirements are too weak (e.g. do not use strong authentication such as two factor), or there is no requirement to re-authenticate for these
- OWASP SCP
- 55, 56
- OWASP ASVS
- 1.4.5, 2.1.6, 2.2.4, 4.1.3, 4.3.3
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
10
Pravin can bypass authentication controls because a centralized standard, tested, proven and approved authentication module/framework/service, separate to the resource being requested, is not being used
- OWASP SCP
- 25, 26, 27
- OWASP ASVS
- 1.1.6, 1.4.4
- OWASP AppSensor
- –
- CAPEC
- 90, 115
- SAFECODE
- 14, 28
J
Mark can access resources or services because there is no authentication requirement, or it was mistakenly assumed authentication would be undertaken by some other system or performed in some previous action
- OWASP SCP
- 23, 32, 34
- OWASP ASVS
- 1.4.5, 4.3.1
- OWASP AppSensor
- –
- CAPEC
- 115
- SAFECODE
- 14, 28
Q
Johan can bypass authentication because it is not enforced with equal rigor for all types of authentication functionality (e.g. register, password change, password recovery, log out, administration) or across all versions/channels (e.g. mobile website, mobile app, full website, API, call centre)
- OWASP SCP
- 23, 29, 42, 49
- OWASP ASVS
- 1.4.5, 2.5.6, 2.5.7, 4.3.1
- OWASP AppSensor
- –
- CAPEC
- 36, 50, 115, 121, 179
- SAFECODE
- 14, 28
K
Olga can influence or alter authentication code/routines so they can be bypassed
- OWASP SCP
- 24
- OWASP ASVS
- 4.1.1, 10.2.3, 10.2.4-6
- OWASP AppSensor
- –
- CAPEC
- 115, 207, 554
- SAFECODE
- 14, 28
A
You have invented a new attack against Authentication
Read more about this topic in OWASP's free Authentication Cheat Sheet
2
William has control over the generation of session identifiers
- OWASP SCP
- 58, 59
- OWASP ASVS
- 3.7.1
- OWASP AppSensor
- SE2
- CAPEC
- 31, 60, 61
- SAFECODE
- 28
3
Ryan can use a single account in parallel since concurrent sessions are allowed
- OWASP SCP
- 68
- OWASP ASVS
- 3.3.3, 3.3.4
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 28
4
Alison can set session identification cookies on another web application because the domain and path are not restricted sufficiently
- OWASP SCP
- 59, 61
- OWASP ASVS
- 3.4.1-5
- OWASP AppSensor
- SE2
- CAPEC
- 31, 61
- SAFECODE
- 28
5
John can predict or guess session identifiers because they are not changed when the user's role alters (e.g. pre and post authentication) and when switching between non-encrypted and encrypted communications, or are not sufficiently long and random, or are not changed periodically
- OWASP SCP
- 60, 62, 66, 67, 71, 72
- OWASP ASVS
- 3.2.1, 3.2.2, 3.2.4, 3.3.1
- OWASP AppSensor
- SE4-6
- CAPEC
- 31
- SAFECODE
- 28
6
Gary can take over a user's session because there is a long or no inactivity timeout, or a long or no overall session time limit, or the same session can be used from more than one device/location
- OWASP SCP
- 64, 65
- OWASP ASVS
- 3.3.2, 3.3.3, 3.3.4
- OWASP AppSensor
- SE5, SE6
- CAPEC
- 21
- SAFECODE
- 28
7
Graham can utilize Adam's session after he has finished, because there is no log out function, or he cannot easily log out, or log out does not properly terminate the session
- OWASP SCP
- 62, 63
- OWASP ASVS
- 3.3.1, 3.3.4
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 28
8
Matt can abuse long sessions because the application does not require periodic re-authentication to check if privileges have changed
- OWASP SCP
- 96
- OWASP ASVS
- 3.3.2, 3.6.1
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 28
9
Ivan can steal session identifiers because they are sent over insecure channels, or are logged, or are revealed in error messages, or are included in URLs, or are accessible un-necessarily by code which the attacker can influence or alter
- OWASP SCP
- 69, 75, 76, 119, 138
- OWASP ASVS
- 1.9.1, 3.1.1, 7.1.1, 7.1.2, 7.2.1, 9.1.3, 9.2.2
- OWASP AppSensor
- SE4-6
- CAPEC
- 31, 60
- SAFECODE
- 28
10
Marce can forge requests because per-session, or per-request for more critical actions, strong random tokens (i.e. anti-CSRF tokens) or similar are not being used for actions that change state
- OWASP SCP
- 73, 74
- OWASP ASVS
- 4.2.2
- OWASP AppSensor
- IE4
- CAPEC
- 62, 111
- SAFECODE
- 18
J
Jeff can resend an identical repeat interaction (e.g. HTTP request, signal, button press) and it is accepted, not rejected
- OWASP SCP
- –
- OWASP ASVS
- 11.1.1, 11.1.2, 11.1.3
- OWASP AppSensor
- IE5
- CAPEC
- 60
- SAFECODE
- 12, 14
Q
Salim can bypass session management because it is not applied comprehensively and consistently across the application
- OWASP SCP
- 58
- OWASP ASVS
- 1.1.6, 3.7.1
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
K
Peter can bypass the session management controls because they have been self-built and/or are weak, instead of using a standard framework or approved tested module
- OWASP SCP
- 58, 60
- OWASP ASVS
- 1.1.6
- OWASP AppSensor
- –
- CAPEC
- 21
- SAFECODE
- 14, 28
A
You have invented a new attack against Session Management
Read more about this topic in OWASP's free Cheat Sheets on Session Management, and Cross Site Request Forgery (CSRF) Prevention
2
Kyun can access data because it has been obfuscated rather than using an approved cryptographic function
- OWASP SCP
- 105, 133, 135
- OWASP ASVS
- 6.2.2
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 21, 29
3
Axel can modify transient or permanent data (stored or in transit), or source code, or updates/patches, or configuration data, because it is not subject to integrity checking
- OWASP SCP
- 92, 205, 212
- OWASP ASVS
- 10.2.3-6, 10.3.1, 10.3.2, 14.1.1, 14.1.4, 14.1.5
- OWASP AppSensor
- SE1, IE4
- CAPEC
- 31, 39, 68, 75, 133, 145, 162, 203, 438, 439, 442
- SAFECODE
- 12, 14
4
Paulo can access data in transit that is not encrypted, even though the channel is encrypted
- OWASP SCP
- 37, 88, 143, 214
- OWASP ASVS
- 8.3.4, 9.1.1
- OWASP AppSensor
- –
- CAPEC
- 185, 186, 187
- SAFECODE
- 14, 29, 30
5
Kyle can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected)
- OWASP SCP
- 103, 145
- OWASP ASVS
- 1.9.1, 6.2.1, 9.1.3, 9.2.2
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 21, 29
6
Romain can read and modify unencrypted data in memory or in transit (e.g. cryptographic secrets, credentials, session identifiers, personal and commercially-sensitive data), in use or in communications within the application, or between the application and users, or between the application and external systems
- OWASP SCP
- 36, 37, 143, 146, 147
- OWASP ASVS
- 1.9.1, 2.2.5, 2.5.1, 8.3.4, 8.3.6, 9.1.3, 9.2.2
- OWASP AppSensor
- –
- CAPEC
- 31, 57, 102, 157, 158, 384, 466, 546
- SAFECODE
- 29
7
Gunter can intercept or modify encrypted data in transit because the protocol is poorly deployed, or weakly configured, or certificates are invalid, or certificates are not trusted, or the connection can be degraded to a weaker or un-encrypted communication
- OWASP SCP
- 75, 144, 145, 148
- OWASP ASVS
- 1.9.2, 6.2.7, 9.1.1, 9.2.1, 9.2.4, 14.4.5
- OWASP AppSensor
- IE4
- CAPEC
- 31, 216
- SAFECODE
- 14, 29, 30
8
Eoin can access stored business data (e.g. passwords, session identifiers, PII, cardholder data) because it is not securely encrypted or securely hashed
- OWASP SCP
- 30, 31, 70, 133, 135
- OWASP ASVS
- 2.4.1, 6.2.2, 6.2.3, 8.3.4
- OWASP AppSensor
- –
- CAPEC
- 31, 37, 55
- SAFECODE
- 21, 29, 31
9
Andy can bypass random number generation, random GUID generation, hashing and encryption functions because they have been self-built and/or are weak
- OWASP SCP
- 60, 104, 105
- OWASP ASVS
- 6.2.2, 6.2.3, 6.3.1, 6.3.3
- OWASP AppSensor
- –
- CAPEC
- 97
- SAFECODE
- 14, 21, 29, 32, 33
10
Susanna can break the cryptography in use because it is not strong enough for the degree of protection required, or it is not strong enough for the amount of effort the attacker is willing to make
- OWASP SCP
- 104, 105
- OWASP ASVS
- 6.3.3
- OWASP AppSensor
- –
- CAPEC
- 97, 463
- SAFECODE
- 14, 21, 29, 31, 32, 33
J
Justin can read credentials for accessing internal or external resources, services and others systems because they are stored in an unencrypted format, or saved in the source code
- OWASP SCP
- 35, 90, 171, 172
- OWASP ASVS
- 1.6.1, 1.6.2, 1.6.4, 2.10.4, 6.4.1, 6.4.2
- OWASP AppSensor
- –
- CAPEC
- 116
- SAFECODE
- 21, 29
Q
Artim can access or predict the master cryptographic secrets
- OWASP SCP
- 35, 102
- OWASP ASVS
- 1.6.1-3, 6.2.3, 8.3.6
- OWASP AppSensor
- –
- CAPEC
- 116, 117
- SAFECODE
- 21, 29
K
Dan can influence or alter cryptography code/routines (encryption, hashing, digital signatures, random number and GUID generation) and can therefore bypass them
- OWASP SCP
- 31, 101
- OWASP ASVS
- 1.6.2, 6.2.5-8
- OWASP AppSensor
- –
- CAPEC
- 207, 554
- SAFECODE
- 14, 21, 29
A
You have invented a new attack against Cryptography
Read more about this topic in OWASP's free Cheat Sheets on Cryptographic Storage, and Transport Layer Protection
2
Lee can bypass application controls because dangerous/risky programming language functions have been used instead of safer alternatives, or there are type conversion errors, or because the application is unreliable when an external resource is unavailable, or there are race conditions, or there are resource initialization or allocation issues, or overflows can occur
- OWASP SCP
- 194-202, 205-209
- OWASP ASVS
- 14.1.2
- OWASP AppSensor
- –
- CAPEC
- 25, 26, 29, 96, 123, 124, 128, 129, 264, 265
- SAFECODE
- 3, 5, 6, 7, 9, 22, 25, 26, 34
3
Andrew can access source code, or decompile, or otherwise access business logic to understand how the application works and any secrets contained
- OWASP SCP
- 134
- OWASP ASVS
- 14.1.1
- OWASP AppSensor
- –
- CAPEC
- 189, 207
- SAFECODE
- –
4
Keith can perform an action and it is not possible to attribute it to him
- OWASP SCP
- 23, 32, 34, 42, 51, 181
- OWASP ASVS
- 7.2.1, 7.2.2
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- –
5
Larry can influence the trust other parties including users have in the application, or abuse that trust elsewhere (e.g. in another application)
- OWASP SCP
- –
- OWASP ASVS
- 1.9.2, 9.1.1, 5.1.5, 9.2.1, 9.2.4
- OWASP AppSensor
- –
- CAPEC
- 89, 103, 181, 459
- SAFECODE
- –
6
Aaron can bypass controls because error/exception handling is missing, or is implemented inconsistently or partially, or does not deny access by default (i.e. errors should terminate access/execution), or relies on handling by some other service or system
- OWASP SCP
- 109-112, 155
- OWASP ASVS
- 4.1.5, 7.1.4
- OWASP AppSensor
- –
- CAPEC
- 54, 98, 164
- SAFECODE
- 4, 11, 23
7
Mwengu's actions cannot be investigated because there is not an adequate accurately time-stamped record of security events, or there is not a full audit trail, or these can be altered or deleted by Mwengu, or there is no centralized logging service
- OWASP SCP
- 113, 114, 115, 117, 118, 121-130
- OWASP ASVS
- 7.1.2, 7.1.4, 7.2.1, 7.2.2, 7.3.1, 7.3.3, 8.3.5, 9.2.5
- OWASP AppSensor
- –
- CAPEC
- 93
- SAFECODE
- 4
8
David can bypass the application to gain access to data because the network and host infrastructure, and supporting services/applications, have not been securely configured, the configuration rechecked periodically and security patches applied, or the data is stored locally, or the data is not physically protected
- OWASP SCP
- 151, 152, 156, 160, 161, 173-177
- OWASP ASVS
- 1.4.5, 10.3.1, 10.3.2, 14.1.4, 14.1.5, 14.2.1, 14.2.2
- OWASP AppSensor
- RE1, RE2
- CAPEC
- 37, 220, 310, 436, 536
- SAFECODE
- –
9
Michael can bypass the application to gain access to data because administrative tools or administrative interfaces are not secured adequately
- OWASP SCP
- 23, 29, 56, 81, 82, 84-90
- OWASP ASVS
- 1.4.5, 4.3.1
- OWASP AppSensor
- –
- CAPEC
- 122, 233
- SAFECODE
- –
10
Spyros can circumvent the application's controls because code frameworks, libraries and components contain malicious code or vulnerabilities (e.g. in-house, commercial off the shelf, outsourced, open source, externally-located)
- OWASP SCP
- 57, 151, 152, 204, 205, 213, 214
- OWASP ASVS
- 1.14.3, 10.1.1, 10.2.3-6, 14.2.1
- OWASP AppSensor
- –
- CAPEC
- 68, 438, 439, 442, 524, 538
- SAFECODE
- 15
J
Roman can exploit the application because it was compiled using out-of-date tools, or its configuration is not secure by default, or security information was not documented and passed on to operational teams
- OWASP SCP
- 90, 137, 148, 151-154, 175-179, 186, 192
- OWASP ASVS
- 1.14.3, 14.1.1-5, 14.2.1
- OWASP AppSensor
- –
- CAPEC
- –
- SAFECODE
- 4
Q
Jim can undertake malicious, non-normal, actions without real-time detection and response by the application
- OWASP SCP
- –
- OWASP ASVS
- 8.1.4, 11.1.1-4
- OWASP AppSensor
- (All)
- CAPEC
- –
- SAFECODE
- 1, 27
K
Grant can utilize the application to deny service to some or all of its users
- OWASP SCP
- 41, 55
- OWASP ASVS
- 2.2.1, 11.1.3, 11.1.4
- OWASP AppSensor
- UT1-4, STE3
- CAPEC
- 2, 25, 119, 125
- SAFECODE
- 1
A
You have invented a new attack of any type
Read more about application security in OWASP's free Guides on Requirements, Development, Code Review and Testing, the Cheat Sheet series, and the Open Software Assurance Maturity Model
Joker
Alice can utilize the application to attack users' systems and data
Have you thought about becoming an individual OWASP member? All tools, guidance and local meetings are free for everyone, but individual membership helps support OWASP's work
Joker
Bob can influence, alter or affect the application so that it no longer complies with legal, regulatory, contractual or other organizational mandates
Examine vulnerabilities and discover how they can be fixed using the free OWASP® Juice Shop, Security Shepherd, or using the online challenges in the free OWASP® Hacking-lab
2
Andrew can expose sensitive data through the app's auto-generated screenshots when the app moves to the background
- OWASP MASVS
- PLATFORM-3
- OWASP MASTG
- TEST-0010, TEST-0059
- CAPEC
- 37, 155, 498, 648
- SAFECODE
- -
3
Harold can spy sensitive data being entered through the user interface because the data is excessive, not properly masked or cleaned up after use
- OWASP MASVS
- PLATFORM-3
- OWASP MASTG
- TEST-0008, TEST-0037, TEST-0057
- CAPEC
- 508
- SAFECODE
- -
4
Kelly can expose sensitive data by taking advantage of the app's excessive permissions connected to the app's use of location, camera, microphone, storage, etc
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0024, TEST-0069
- CAPEC
- 634, 651
- SAFECODE
- 11
5
Jason can provoke memory leak or corruption because the app has cyclic dependencies, manages pointers inadequately, keeps an incorrect reference count, does not release shared resources or apply stack protection
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0043, TEST-0044, TEST-0086
- CAPEC
- 14, 24, 44, 45, 46, 47, 92, 100, 124, 128, 129, 131, 679
- SAFECODE
- 7, 9, 34, 36
6
Dawn can expose and intercept sensitive functionality through interprocess communication because permissions for broadcast and sharing are not set, not narrow enough or appropriately excluded when sharing
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0029, TEST-0030, TEST-0071
- CAPEC
- 94, 117, 499, 502, 504
- SAFECODE
- 8, 10, 11
7
Lauren can traverse or modify otherwise protected files through access to the underlying file system by exploiting weaknesses in file system-based content providers, resolvers or its configuration
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0007, TEST-0056
- CAPEC
- 126, 127, 139, 597, 643
- SAFECODE
- 16, 33
8
Colin can expose sensitive data through the app's interprocess communication because the content provider's query methods are not properly parameterized and arguments sanitized
- OWASP MASVS
- PLATFORM-1
- OWASP MASTG
- TEST-0007, TEST-0056
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
9
Toby can modify or expose data by injection because the response from implicit intents is not properly validated
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0026
- CAPEC
- 497, 499, 502
- SAFECODE
- 17
10
Max can modify or expose data because input validation and sanitation are not properly applied to interprocess communication or because extensions are not properly restricted
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0025, TEST-0072
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
J
Johan can modify or expose sensitive data by exploiting weaknesses in the SDK or third party libraries because updates to the app and platform are not enforced or do not patch known software vulnerabilities
- OWASP MASVS
- CODE-1, CODE-2, CODE-3
- OWASP MASTG
- TEST-0036, TEST-0042, TEST-0080, TEST-0085
- CAPEC
- 310, 538, 691
- SAFECODE
- -
Q
Xavier can inject scripts into the web view because it allows embedding content using deep linking without proper authorization and validation of the host, schema and path of the target as these can be changed by the user or because safe browsing is disabled
- OWASP MASVS
- PLATFORM-1, PLATFORM-2
- OWASP MASTG
- TEST-0027, TEST-0028, TEST-0031, TEST-0070, TEST-0076, TEST-0077
- CAPEC
- 175, 240, 242, 500, 591, 592
- SAFECODE
- 17
K
Grant can modify or expose data by influencing or altering JavaScript bridges, extensions or interprocess communication (e.g. shared memory, message passing, pipes, sockets)
- OWASP MASVS
- PLATFORM-1, PLATFORM-2
- OWASP MASTG
- TEST-0007, TEST-0030, TEST-0033, TEST-0056, TEST-0072, TEST-0078
- CAPEC
- 137, 138, 499, 502, 586
- SAFECODE
- -
A
You have invented a new attack against “Platform and Code”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Code Quality” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Matt can inspect sensitive application log data because logging statements have not been removed or reviewed as safe before the production release
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0003, TEST-0053
- CAPEC
- 155
- SAFECODE
- 11, 23, 29
3
Bil can access sensitive data for sensitive fields from the pasteboard/clipboard or keyboard cache because the pasteboard/clipboard is not timely cleared, disabled or restricted for sensitive fields, or the keyboard cache is not disabled
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0006, TEST-0055, TEST-0073
- CAPEC
- 204, 637, 679
- SAFECODE
- -
4
Ricardo can extract data stored by the app on a stolen or decommissioned device because it does not enforce device access security policies (e.g. PIN protected locking, app-/os-version, USB debug deactivation, device encryption and rooting)
- OWASP MASVS
- STORAGE-1
- OWASP MASTG
- TEST-0012
- CAPEC
- 406, 675
- SAFECODE
- -
5
Kevin can read sensitive data mapped to user accounts or sessions by extracting data sent through third-party libraries and/or notifications sent between the app and embedded services (e.g. logs, notifications, backups, cache, local db)
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0004, TEST-0005, TEST-0054
- CAPEC
- 155, 161, 204, 220, 639, 643
- SAFECODE
- 11, 23, 29
6
Sam can dump sensitive data from memory because the data is not stored as primitive data types and overwritten with random data after use or because the app's input fields use insecure SDKs to store the data in RAM
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- TEST-0011, TEST-0060
- CAPEC
- 679
- SAFECODE
- -
7
Steve can access sensitive data by reading backups and/or local, internal/external storage
- OWASP MASVS
- STORAGE-1, STORAGE-2
- OWASP MASTG
- TEST-0001, TEST-0003, TEST-0009, TEST-0052, TEST-0053, TEST-0058
- CAPEC
- 37, 155, 204, 639, 643
- SAFECODE
- 11, 23, 29
8
Martin can modify or expose sensitive data through unsafe reflection when reading data from public data storage (e.g. shared preferences) because the data is not validated before being read by the app
- OWASP MASVS
- STORAGE-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 176
- SAFECODE
- -
9
Adrian can compromise the app communication through a proxy because the app does not make use of certificate pinning or implements it incorrectly
- OWASP MASVS
- NETWORK-2
- OWASP MASTG
- TEST-0022, TEST-0068
- CAPEC
- 57, 94, 156, 465, 466, 479, 701
- SAFECODE
- 14, 30
10
Maarten can compromise the communication between the app and the external services because the app does not verify TLS certificates and -chains, trust insecure sources, lack hostname verification or ignore TLS verification issues
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0019, TEST-0021, TEST-0065, TEST-0067
- CAPEC
- 57, 94, 156, 465, 466, 479, 701
- SAFECODE
- 14, 29, 30
J
Nihel can compromise the communication as it may fall back to an insecure or unencrypted channel, because encryption is optional, or because of client-server protocol or security provider weaknesses
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0020, TEST-0023, TEST-0066
- CAPEC
- 57, 94, 156, 220, 459, 465, 466
- SAFECODE
- 12, 14, 29, 30
Q
Ahmed can read and modify data in transit because the communication is transmitted over an unencrypted channel
- OWASP MASVS
- NETWORK-1
- OWASP MASTG
- TEST-0019, TEST-0065
- CAPEC
- 31, 36, 57, 102, 157, 158, 384, 466
- SAFECODE
- 29, 30
K
Taher can intercept, extract or modify sensitive data at rest or in transit by influencing or altering methods for transferring or storing data at rest or in transit
- OWASP MASVS
- STORAGE-1
- OWASP MASTG
- TEST-0001, TEST-0052
- CAPEC
- 75, 76, 113, 153, 161, 165, 176, 190, 207, 210, 554, 562
- SAFECODE
- 12, 19
A
You have invented a new attack against “Network & Storage”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Network Communication” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Sebastien can disclose sensitive data because the application is set up to log debug information at runtime
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0041, TEST-0084
- CAPEC
- 37, 167, 191
- SAFECODE
- -
3
Tobias can disclose sensitive data by dumping debug symbols while the application is running
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0040, TEST-0083
- CAPEC
- 37, 167, 191
- SAFECODE
- -
4
Timur can change the code of the production release because the code of the application has not been properly signed using a valid production certificate
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0038, TEST-0081
- CAPEC
- 68, 167, 206, 476
- SAFECODE
- 14
5
Matteo can bypass access controls and trigger functionality because debugging is left enabled in the production build
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0039, TEST-0082
- CAPEC
- 115, 167, 554
- SAFECODE
- -
6
Joren can bypass access controls because the anti-debugging controls aren't strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0046, TEST-0089
- CAPEC
- 115, 167, 554
- SAFECODE
- -
7
Erlend can compromise the app by running it in an emulator because the prevention against emulators are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-1
- OWASP MASTG
- TEST-0049, TEST-0092
- CAPEC
- 189, 554
- SAFECODE
- -
8
Carlos can reverse engineer the app because the prevention against the use of anti reverse engineering tools are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0048, TEST-0091
- CAPEC
- 167, 554
- SAFECODE
- -
9
Sean can reverse engineer the app because the code obfuscation is not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-3
- OWASP MASTG
- TEST-0051, TEST-0093
- CAPEC
- 167, 554
- SAFECODE
- -
10
Juan can bypass jailbreak and root detection and execute administrative functions to bypass integrity checks and access controls and trigger app functionality
- OWASP MASVS
- RESILIENCE-1
- OWASP MASTG
- TEST-0045, TEST-0088
- CAPEC
- 167, 660, 661
- SAFECODE
- -
J
Pekka can compromise the integrity of the storage because the file integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0047, TEST-0090
- CAPEC
- 23, 165, 167
- SAFECODE
- -
Q
Titus can patch out critical functionality because the runtime integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0050
- CAPEC
- 167, 554
- SAFECODE
- -
K
Sherif can influence or alter controls against reverse engineering and runtime protection and can therefore bypass them
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0046, TEST-0089
- CAPEC
- 167, 554
- SAFECODE
- -
A
You have invented a new attack against Authorization
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Tampering and Reverse Engineering” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Lesego can compromise cryptographic operations and resources because keys are reused for multiple purposes, or not used according to the purpose for which they were created
- OWASP MASVS
- CRYPTO-2
- OWASP MASTG
- TEST-0015, TEST-0062
- CAPEC
- 97, 116, 117
- SAFECODE
- 14, 29
3
Emery can access data because it has been obfuscated rather than using an approved cryptographic function
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 37, 204
- SAFECODE
- 21, 29
4
Enselme can modify sensitive data (stored or in transit) because it is not subject to integrity checking
- OWASP MASVS
- CRYPTO-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 68, 75, 145, 438, 439, 442
- SAFECODE
- 12, 14
5
Orace can predict the seed value used for generating cryptographic keys thereby compromising the cryptographic key
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0016, TEST-0063
- CAPEC
- 20, 112, 485
- SAFECODE
- 29, 33
6
Kouti can extract sensitive data because the cryptographic key, used, is hard-coded or stored insecurely such as in local, internal/external storage
- OWASP MASVS
- STORAGE-1, CRYPTO-1, CRYPTO-2
- OWASP MASTG
- TEST-0001, TEST-0013, TEST-0052, TEST-0062
- CAPEC
- 37, 117, 155, 191, 204
- SAFECODE
- 21, 29
7
Ramsey can access stored sensitive data because it is not securely encrypted
- OWASP MASVS
- STORAGE-1, CRYPTO-2
- OWASP MASTG
- TEST-0001, TEST-0013, TEST-0052, TEST-0062
- CAPEC
- 37, 117, 155, 191, 204
- SAFECODE
- 21, 29, 31
8
Adel can predict and use the app's cryptographic keys because they are insufficiently long and random, can be enumerated, or derived from known values
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0013, TEST-0016, TEST-0063
- CAPEC
- 20, 55, 112, 485
- SAFECODE
- 21, 29, 32, 33
9
Fady can bypass cryptographic controls because they do not fail securely (i.e. they default to unprotected)
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014
- CAPEC
- 97, 620
- SAFECODE
- 21, 29
10
Ash can break the cryptography because it is not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 20, 116, 117, 97, 112, 485
- SAFECODE
- 14, 23, 29, 31, 32, 33
J
Hassan can extract or modify sensitive data because functions for storage and/or encryption are weak, deprecated or used incorrectly
- OWASP MASVS
- CRYPTO-1, STORAGE-1
- OWASP MASTG
- TEST-0001, TEST-0014, TEST-0052, TEST-0061
- CAPEC
- 210, 212
- SAFECODE
- 15
Q
Simon can bypass hashing and encryption functions because they are custom and/or inadequately implemented
- OWASP MASVS
- CRYPTO-1
- OWASP MASTG
- TEST-0014, TEST-0061
- CAPEC
- 20, 116, 117, 97, 112, 485
- SAFECODE
- 14, 21, 29, 32, 33
K
Tarik can influence or alter cryptographic operations and can therefore bypass them
- OWASP MASVS
- CRYPTO-1, CRYPTO-2
- OWASP MASTG
- TEST-0014, TEST-0061, TEST-0062
- CAPEC
- 54, 97, 116, 117, 220
- SAFECODE
- 14, 21, 29
A
You have invented a new attack against “Cryptography”
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App Cryptography” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
2
Garth can reduce app users' privacy because the app is not transparent about the app's data collection and usage in a concise, easily accessible and understandable way
- OWASP MASVS
- PRIVACY-3
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
3
Elsa can reduce app users' privacy because the app does not allow for the user to easily manage, delete and modify their data, change privacy settings and re-prompt for consent when more data is required
- OWASP MASVS
- PRIVACY-4
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
4
Elizabeth can reduce app users' privacy because the app sends too much personal data without the user's consent to downstream services that are outside the user's control
- OWASP MASVS
- PRIVACY-1
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
5
Debarghaya can reduce app users' privacy because the app repurpose personal information (e.g. device IDs, IP addresses, behavioral patterns) collected for security concerns in order to cater for commercial interests without consent
- OWASP MASVS
- PRIVACY-4
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
6
Kim can reduce app users' privacy because the app repurpose biometric information (e.g. fingerprints, facial recognition data, etc.) collected for security concerns in order to cater for commercial interests
- OWASP MASVS
- PRIVACY-2
- OWASP MASTG
- -
- CAPEC
- 410
- SAFECODE
- -
7
Gastón can execute malicious actions through intent redirection because the intent is not properly sanitized and immutable
- OWASP MASVS
- CODE-4, PLATFORM-1
- OWASP MASTG
- TEST-0025, TEST-0030, TEST-0072
- CAPEC
- 499, 502
- SAFECODE
- -
8
Roxana can do arbitrary file overwrites and potentially execute malicious code through path traversal because the target path and directory is not appropriately validated
- OWASP MASVS
- STORAGE-2
- OWASP MASTG
- -
- CAPEC
- 126
- SAFECODE
- 16
9
Alessandro can exploit the app by taking advantage of buffer overflows and memory leaks to write foreign code within the mobile code's address space
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0043, TEST-0086
- CAPEC
- 92, 100
- SAFECODE
- 3, 6, 36
10
Carlos can use the application's notification services to launch phishing campaigns because notifications are not sanitized and validated according to best practices
- OWASP MASVS
- CODE-4
- OWASP MASTG
- TEST-0025, TEST-0072
- CAPEC
- 137, 499, 502, 586
- SAFECODE
- -
J
Luis can influence or alter cryptographic methods to corrupt other users' data because the integrity of the encrypted data is not verified before being shared with external services
- OWASP MASVS
- CRYPTO-1, CODE-4
- OWASP MASTG
- TEST-0002
- CAPEC
- 23, 165, 442
- SAFECODE
- -
Q
Victor can patch the app and use it to distribute malicious code because the runtime integrity checks are not strong enough according to what is recommended or the perceived effort of a potential attacker
- OWASP MASVS
- RESILIENCE-4
- OWASP MASTG
- TEST-0050
- CAPEC
- 167, 202, 554
- SAFECODE
- -
K
Ruben can use the app, without modifications, to spread malicious code because methods for transfer and storage do not perform proper data sanitization and validation
- OWASP MASVS
- RESILIENCE-2
- OWASP MASTG
- TEST-0047, TEST-0090
- CAPEC
- 17, 23, 165, 167, 636
- SAFECODE
- -
A
You have invented a new attack of any type
Read more about this topic in OWASP's free Cheat Sheets on Mobile Application Security, and “Mobile App User Privacy Protection” in the “Mobile Application Security Testing Guide” on the OWASP MAS website
Joker
Starr can influence, alter or affect the app so that it no longer complies with legal, regulatory, contractual or other mandates
Have you thought about becoming an individual OWASP member? All tools, guidance and local meetings are free for everyone, but individual membership helps support OWASP's work
Joker
Mallory can use the app installed on Bob's device maliciously to surveil, spy on, eavesdrop, control remotely, track or otherwise monitor Bob, without consent and/or notification
Examine vulnerabilities and discover how they can be fixed using free MASTG reference applications on the OWASP MAS website