-
Notifications
You must be signed in to change notification settings - Fork 89
/
Copy pathremediation_advice.json
2115 lines (2115 loc) · 149 KB
/
remediation_advice.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
{
"metadata": {
"default": null,
"keys": [
"remediation_advice",
"references"
]
},
"content": [
{
"id": "ai_application_security",
"children": [
{
"id": "llm_security",
"children": [
{
"id": "excessive_agency_permission_manipulation",
"remediation_advice": "Implement stringent access controls and define clear user permissions for interacting with the LLM. Employ regular audits and monitoring to detect and prevent unauthorized or excessive permission changes. Use role-based access control systems to manage user permissions effectively. Educate users and administrators about the risks of permission manipulation and establish protocols for safely managing access rights.",
"references": [
"https://owasp.org/www-project-ai-security-and-privacy-guide/#:~:text=,auditability%2C%20bias%20countermeasures%20and%20oversight"
]
},
{
"id": "llm_output_handling",
"remediation_advice": "Implement output filtering and validation to ensure the LLM's responses are appropriate and secure. Use context-aware controls to manage how the LLM processes and responds to various inputs. Regularly audit and update the LLM to handle new types of outputs and emerging security threats. Train users on the potential risks associated with LLM outputs, particularly in sensitive applications.",
"references": [
"https://whylabs.ai/blog/posts/safeguard-monitor-large-language-model-llm-applications"
]
},
{
"id": "prompt_injection",
"remediation_advice": "Implement robust input sanitization to prevent malicious or unintended prompt execution. Establish strict access controls and usage monitoring to detect and prevent unauthorized or anomalous interactions with the LLM. Regularly review and update the model's training data and algorithms to reduce vulnerabilities. Educate users and developers on safe interaction practices with AI systems.",
"references": [
"https://developer.nvidia.com/blog/securing-llm-systems-against-prompt-injection"
]
},
{
"id": "training_data_poisoning",
"remediation_advice": "Implement robust anomaly detection systems to identify and address poisoned data in real-time. Regularly retrain the LLM with clean, diverse, and representative datasets to correct any potential biases or vulnerabilities. Engage in continuous monitoring and auditing of the training process and data sources.",
"references": [
"https://owasp.org/www-project-top-10-for-large-language-model-applications/#:~:text=,security%2C%20accuracy%2C%20or%20ethical%20behavior",
"https://owasp.org/www-project-top-10-for-large-language-model-applications/Archive/0_1_vulns/Training_Data_Poisoning.html"
]
}
]
}
]
},
{
"id": "algorithmic_biases",
"children": [
{
"id": "aggregation_bias",
"remediation_advice": "Ensure that data aggregation methods maintain the integrity of subgroups, preventing dilution of minority data.",
"references": [
"https://www.microsoft.com/en-us/ai/responsible-ai-resources"
]
},
{
"id": "processing_bias",
"remediation_advice": "Design algorithms to process all data fairly, implementing checks to detect and mitigate biases that arise during data processing.",
"references": [
"https://paperswithcode.com/task/fairness-in-ml"
]
}
]
},
{
"id": "application_level_denial_of_service_dos",
"remediation_advice": "There are techniques to avoid some DoS attacks at the code level such as: Performing thorough input validations, avoiding highly CPU consuming operations, and operations which must wait for completion of large tasks to proceed, splitting operations to chunks, setting timeout timers for unreasonable time, trying to create as few bottlenecks as possible.",
"references": [
"https://www.owasp.org/index.php/Application_Denial_of_Service",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Denial_of_Service_Cheat_Sheet.md",
"http://projects.webappsec.org/Denial-of-Service",
"https://www.cvedetails.com/vulnerability-list/opdos-1/denial-of-service.html",
"https://www.owasp.org/images/d/da/OWASP_IL_7_Application_DOS.pdf"
]
},
{
"id": "automotive_security_misconfiguration",
"remediation_advice": "",
"children": [
{
"id": "abs",
"children": [
{
"id": "unintended_acceleration_brake",
"remediation_advice": "Implement a secure gateway to protect against ABS attacks.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
}
]
},
{
"id": "battery_management_system",
"children": [
{
"id": "firmware_dump",
"remediation_advice": "Implement secure boot, obfuscate the code, and compression algorithm with hardware-backed dictionary. Find creative ways to break disassemblers and debuggers.",
"references": [
"https://en.wikipedia.org/wiki/Security_through_obscurityhttps://www.researchgate.net/publication/320859156_Source_Code_Vulnerabilities_in_IoT_Software_Systems"
]
},
{
"id": "fraudulent_interface",
"remediation_advice": "Protect and make sure the battery management system provides prevention from operating outside its safe operating area.",
"references": [
"https://en.wikipedia.org/wiki/Battery_management_system"
]
}
]
},
{
"id": "can",
"children": [
{
"id": "injection_basic_safety_message",
"remediation_advice": "Filter malicious CANBus requests or codes that can be used to manipulate the Basic Safety Message.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
},
{
"id": "injection_battery_management_system",
"remediation_advice": "Filter malicious CANBus requests or codes that can be injected into the battery management system.",
"references": [
"https://i.blackhat.com/USA-20/Wednesday/us-20-Kiley-Reverse-Engineering-The-Tesla-Battery-Management-System-To-Increase-Power-Available.pdf"
]
},
{
"id": "injection_disallowed_messages",
"remediation_advice": "Filter malicious CANbus requests or codes especially if not included in the DBC file by implementing a secure gateway.",
"references": [
"https://news.voyage.auto/an-introduction-to-the-can-bus-how-to-programmatically-control-a-car-f1b18be4f377"
]
},
{
"id": "injection_dos",
"remediation_advice": "Filter malicious CANbus requests or codes by implementing a secure gateway, as well as limit access to input ports (specifically OBD-II) on automobiles as pointed out by CERT.",
"references": [
"https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01",
"http://www.autoconnectedcar.com/2017/08/connect-car-can-bus-cant-handle-dos-hacksattacks-researchers-report-can-standard-can-be-changed/"
]
},
{
"id": "injection_headlights",
"remediation_advice": "Filter malicious CANBus requests or codes that can be injected into the headlights.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
},
{
"id": "injection_powertrain",
"remediation_advice": "Filter malicious CANBus requests or codes that can be used to manipulate the Powertrain.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
},
{
"id": "injection_pyrotechnical_device_deployment_tool",
"remediation_advice": "Countermeasures of this attack include selection of suitable technologies, hard-wired plausibility checks, usage of cryptography, and hardening against brute force attacks of the keys or algorithms.",
"references": [
"https://www.rapid7.com/db/modules/post/hardware/automotive/pdt/"
]
},
{
"id": "injection_sensors",
"remediation_advice": "Filter malicious CANBus requests or codes that can be used to manipulate the sensors.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
},
{
"id": "injection_steering_control",
"remediation_advice": "Filter malicious CANBus requests or codes that can be injected into the steering control.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
},
{
"id": "injection_vehicle_anti_theft_systems",
"remediation_advice": "Filter malicious CANBus requests or codes that can be used to manipulate the Vehicle Anti-theft Systems.",
"references": [
"https://jwcn-eurasipjournals.springeropen.com/articles/10.1186/s13638-019-1484-3"
]
}
]
},
{
"id": "gnss_gps",
"children": [
{
"id": "spoofing",
"remediation_advice": "Implement a system that detects GPS spoofing which evaluates or prevents the system from believing and acting on false data.",
"references": [
"https://www.kaspersky.com/blog/gps-spoofing-protection/26837/"
]
}
]
},
{
"id": "immobilizer",
"children": [
{
"id": "engine_start",
"remediation_advice": "Implement a secure gateway to protect against immobilizer attacks, assign significant bytes in data and a method to send an abnormal signal overwriting the false data when a communication error has occurred.",
"references": [
"https://www.kaspersky.com/blog/36c3-immobilizers/32419/"
]
}
]
},
{
"id": "infotainment_radio_head_unit",
"children": [
{
"id": "code_execution_can_bus_pivot",
"remediation_advice": "Filter arbitrary commands and apply input validation to any media devices to prevent executing from the infotainment system. Make sure that the infotainment system is on a sandbox module and does not have direct interaction to the CANbus network.",
"references": [
"https://motherboard.vice.com/en_us/article/3kvw8y/researchers-hack-car-infotainment-system-and-find-sensitive-user-data-inside",
"https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/",
"http://illmatics.com/carhacking.html"
]
},
{
"id": "code_execution_no_can_bus_pivot",
"remediation_advice": "Filter arbitrary commands and apply input validation to any media devices to prevent executing from the infotainment system.",
"references": [
"https://motherboard.vice.com/en_us/article/3kvw8y/researchers-hack-car-infotainment-system-and-find-sensitive-user-data-inside",
"https://www.bleepingcomputer.com/news/security/you-can-hack-some-mazda-cars-with-a-usb-flash-drive/",
"http://illmatics.com/carhacking.html"
]
},
{
"id": "default_credentials",
"remediation_advice": "Do not ship infotainment systems with any configured accounts or with default and common usernames and passwords. Do not hard code any backdoor accounts or special access mechanisms.",
"references": [
"https://www.owasp.org/index.php/Testing_for_default_credentials_(OTG-AUTHN-002)",
"https://www.owasp.org/index.php/Configuration#Default_passwords"
]
},
{
"id": "dos_brick",
"remediation_advice": "Filter malicious payloads or string attacks. Apply rate limiting on the app level side.",
"references": [
"https://www.owasp.org/index.php/Application_Denial_of_Service",
"https://www.forbes.com/sites/leemathews/2017/04/10/a-malware-outbreak-is-bricking-insecure-iot-devices/#36603e4a29a3",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Denial_of_Service_Cheat_Sheet.md"
]
},
{
"id": "ota_firmware_manipulation",
"remediation_advice": "Implement key signing and firmware verification.",
"references": [
"https://www.wired.com/2015/02/firmware-vulnerable-hacking-can-done/"
]
},
{
"id": "sensitive_data_leakage_exposure",
"remediation_advice": "Do not store sensitive data such as call logs, text messages, and contact lists or names as plaintext in the infotainment system.",
"references": [
"https://www.prnewswire.com/news-releases/carsblues-vehicle-hack-exploits-vehicle-infotainment-systems-allowing-access-to-call-logs-text-messages-and-more-300751244.html"
]
},
{
"id": "source_code_dump",
"remediation_advice": "Obfuscate the code and find creative ways to break disassemblers and debuggers.",
"references": [
"https://en.wikipedia.org/wiki/Security_through_obscurity",
"https://www.researchgate.net/publication/320859156_Source_Code_Vulnerabilities_in_IoT_Software_Systems"
]
},
{
"id": "unauthorized_access_to_services",
"remediation_advice": "Filter services that allow you to control the vehicle or infotainment system from being accessed by unauthorized users. Apply authentication mechanisms to certain endpoints.",
"references": [
"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/"
]
}
]
},
{
"id": "rf_hub",
"children": [
{
"id": "can_injection_interaction",
"remediation_advice": "Implement a secure gateway that prevents CAN Injection from the RF Hub.",
"references": [
"https://www.reddit.com/r/CarHacking/comments/73qs0x/chrysler_sgw_security_gateway/"
]
},
{
"id": "data_leakage_pull_encryption_mechanism",
"remediation_advice": "Inspect outgoing traffic from the RF Hub and make sure encryption mechanism cannot be extracted.",
"references": [
"https://www.networkworld.com/article/2284289/data-leak-prevention-and-encryption--tools-that-can-work-together.html"
]
},
{
"id": "key_fob_cloning",
"remediation_advice": "Implement key fob encryption.",
"references": [
"https://electronics.howstuffworks.com/gadgets/automotive/unlock-car-door-remote1.htm",
"https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/"
]
},
{
"id": "relay",
"remediation_advice": "Block the transmission of unwanted radio signals and block all forms of the amplification attacks.",
"references": [
"https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/",
"https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/"
]
},
{
"id": "replay",
"remediation_advice": "Block the transmission of unwanted radio signals and block all forms of the amplification attacks.",
"references": [
"https://www.wired.com/2017/04/just-pair-11-radio-gadgets-can-steal-car/",
"https://www.wired.com/2016/03/study-finds-24-car-models-open-unlocking-ignition-hack/"
]
},
{
"id": "roll_jam",
"remediation_advice": "Update how rolling codes work in vehicles and do over-the-air update capabilities.",
"references": [
"https://makezine.com/2015/08/11/anatomy-of-the-rolljam-wireless-car-hack/"
]
},
{
"id": "unauthorized_access_turn_on",
"remediation_advice": ""
}
]
},
{
"id": "rsu",
"children": [
{
"id": "sybil_attack",
"remediation_advice": "Known approaches to Sybil attack prevention include identity validation, social trust graph algorithms, or economic costs, personhood validation, and application-specific defenses.",
"references": [
"https://en.wikipedia.org/wiki/Sybil_attack"
]
}
]
}
]
},
{
"id": "blockchain_infrastructure_misconfiguration",
"remediation_advice": "1. Implement secure default settings and restrict administrative access to nodes and infrastructure.\n2. Regularly audit and validate network configurations against industry best practices.\n3. Use automated tools to detect and resolve misconfigurations in real time.\n4. Harden consensus mechanisms by enforcing robust cryptographic standards and validating peer integrity.\n5. Monitor network activity to detect and mitigate potential exploits stemming from misconfigurations.",
"references": [
"https://nordlayer.com/blog/blockchain-security-issues/"
]
},
{
"id": "broken_access_control",
"children": [
{
"id": "exposed_sensitive_android_intent",
"remediation_advice": "1. If you use an intent to bind to a Service, ensure that your app is secure by using an explicit intent. Using an implicit intent to start a service is a security risk as you can't be certain what service will respond to the intent, and the user can't see which service starts.\n2. If data within a broadcast intent may be sensitive, you should consider applying a permission to make sure that malicious applications can't register to receive those messages without appropriate permissions. In these circumstances you may also consider invoking the receiver directly rather than raising a broadcast.\n3. By default, receivers are exported and can be invoked by any other application. If your BroadcastReceiver is intended for use by other applications, you may want to apply security permissions to receivers using the <receiver> element within the application manifest. This prevents applications without appropriate permissions from sending an intent to the BroadcastReceiver.\n",
"references": [
"https://www.owasp.org/index.php/Mobile_Top_10_2016-M1-Improper_Platform_Usage"
]
},
{
"id": "exposed_sensitive_ios_url_scheme",
"remediation_advice": "Apple does not enforce the unique naming for App schemes, making it possible for a malicious app to use the same URL Scheme as a legitimate app, effectively hijacking the URL Scheme. As a result, it is important to keep the URL Scheme from being exposed.",
"references": [
"https://www.owasp.org/index.php/Mobile_Top_10_2016-M1-Improper_Platform_Usage",
"https://developer.apple.com/library/content/documentation/iPhone/Conceptual/iPhoneOSProgrammingGuide/Inter-AppCommunication/Inter-AppCommunication.html"
]
},
{
"id": "idor",
"remediation_advice": "1. **Use per user or session indirect object references.** This prevents attackers from directly targeting unauthorized resources. For example, instead of using the resource's database key, a drop-down list of six resources authorized for the current user could use the numbers 1 to 6 to indicate which value the user selected. The application has to map the per-user indirect reference back to the actual database key on the server. OWASP's `ESAPI` includes both sequential and random access reference maps that developers can use to eliminate direct object references.\n2. **Check access.** Each use of a direct object reference from an untrusted source must include an access control check to ensure the user is authorized for the requested object.",
"references": [
"https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.md"
]
},
{
"id": "privilege_escalation",
"remediation_advice": "1. **Least Privilege Principle:** Enforce the least privilege principle by ensuring that users and processes operate using the minimum permissions necessary to perform their tasks. \n2. **Regular Audits:** Conduct regular audits of system permissions and user roles to identify and rectify excessive permissions or misconfigurations. \n3. **Patch Management:** Keep all systems, applications, and services up to date with the latest security patches to close vulnerabilities that could be exploited for privilege escalation.",
"references": [
"https://owasp.org/www-community/attacks/Privilege_escalation",
"https://www.cisa.gov/uscert/bsi/articles/knowledge/principles/least-privilege"
]
},
{
"id": "username_enumeration",
"remediation_advice": "Ensure that the application does not reveal existing user names and any data associated with them, whether it's a consequence of misconfiguration or a design decision.",
"references": [
"https://www.owasp.org/index.php/Top_10_2013-A7-Missing_Function_Level_Access_Control",
"https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure",
"http://projects.webappsec.org/w/page/13246936/Information%20Leakage"
]
}
]
},
{
"id": "broken_authentication_and_session_management",
"remediation_advice": "1. **API:** Use security focused APIs to check for proper security controls.\n2. **Session Management:** Use proper session management checks to disallow unauthenticated users accessing protected and sensitive resources.\n3. **Access Control:** Use proper access control checks to disallow unprivileged users from accessing protected and sensitive resources.",
"references": [
"https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication",
"https://www.owasp.org/index.php/Broken_Authentication_and_Session_Management",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md",
"http://projects.webappsec.org/Insufficient-Authentication",
"https://www.cvedetails.com/vulnerability-list/opgpriv-1/gain-privilege.html"
],
"children": [
{
"id": "cleartext_transmission_of_session_token",
"remediation_advice": "Ensure that session tokens are transmitted over protected channels at all times. If the secure cookie flag is not an option ensure that the application does not support unencrypted communication.",
"references": [
"https://www.owasp.org/index.php/Testing_for_Sensitive_information_sent_via_unencrypted_channels_(OTG-CRYPST-003)",
"https://www.owasp.org/index.php/SecureFlag"
]
},
{
"id": "concurrent_logins",
"remediation_advice": "As a best practice, consider disallowing multiple concurrent user sessions or logins."
},
{
"id": "failure_to_invalidate_session",
"children": [
{
"id": "all_sessions",
"remediation_advice": "As a best practice, consider invalidating all user sessions on logout."
},
{
"id": "long_timeout",
"remediation_advice": "As a best practice, consider invalidating sessions after a shorter period of time."
},
{
"id": "on_email_change",
"remediation_advice": "As a best practice, consider invalidating all sessions upon email change."
},
{
"id": "on_logout",
"remediation_advice": "Properly invalidate the session on the client and server-side when the user logs out of their session.",
"references": [
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#manual-session-expiration"
]
},
{
"id": "on_logout_server_side_only",
"remediation_advice": "Properly invalidate the session on the server-side when the user logs out of their session.",
"references": [
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#manual-session-expiration"
]
},
{
"id": "on_password_change",
"remediation_advice": "Properly invalidate all user sessions server-side when the user resets their password and at a minimum, invalidate all non-current user sessions sever-side when the user changes their password.",
"references": [
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Session_Management_Cheat_Sheet.md#renew-the-session-id-after-any-privilege-level-change"
]
},
{
"id": "on_two_fa_activation_change",
"remediation_advice": "As a best practice, consider invalidating all sessions upon 2FA activation or change."
},
{
"id": "permission_change",
"remediation_advice": "Review and update the necessary permissions, ensuring they align with the new requirements, and consider implementing a robust permission management system for better control and tracking."
}
]
},
{
"id": "saml_replay",
"references": [
"https://snyk.io/blog/common-saml-vulnerabilities-remediate/",
"https://support.okta.com/help/s/article/okta-service-has-protection-against-replay-attacks?language=en_US"
]
},
{
"id": "session_fixation",
"remediation_advice": "Always regenerate the session token after the users properly authenticate.",
"references": [
"http://projects.webappsec.org/w/page/13246960/Session%20Fixation"
]
},
{
"id": "two_fa_bypass",
"references": [
"https://www.owasp.org/index.php/Testing_Multiple_Factors_Authentication_(OWASP-AT-009)"
]
},
{
"id": "weak_login_function",
"remediation_advice": "Login forms should always be served over `HTTPS`, as well as all credentials should be transmitted over an encrypted channel at all times.\n\nAlways provide secure protocols for authentication connections as well as consider disabling any insecure protocols that are available.",
"references": [
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Authentication_Cheat_Sheet.md#transmit-passwords-only-over-tls-or-other-strong-transport"
]
}
]
},
{
"id": "client_side_injection",
"children": [
{
"id": "binary_planting",
"remediation_advice": "1. Use fully qualified paths when loading binaries.\n2. Remove the current working directory (CWD) from the binary search path or if the application depends on loading a binary from the current directory, the path should be obtained first and used to pass in a fully qualified path.\n3. Secure access permissions on a local directory as to not allow a local attacker to plant a malicious binary in a trusted location.",
"references": [
"http://www.binaryplanting.com/guidelinesDevelopers.htm"
]
}
]
},
{
"id": "cross_site_request_forgery_csrf",
"remediation_advice": "1. Consider using a known and secure CSRF synchronizer API and apply the generated CSRF token to every request. If infeasible to apply to every request, generate a CSRF token for the entire session and apply that to every request or, at minimum, every request considered sensitive. Always make sure to check the actual CSRF token.\n2. Consider verifying using same-origin rules to the source and target by checking the `Origin` and `Referer` headers.\n3. Consider using the `Double Submit Cookie` pattern.\n4. Consider using the `Encrypted Token` pattern.\n5. Consider protecting REST services by using the `X-Requested-With: XMLHttpRequest` header in all requests.\n6. Consider using re-authentication in cases where the request is particularly sensitive. This is the most effective CSRF prevention technique, however it does disturb the entire user experience.",
"references": [
"https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md",
"http://projects.webappsec.org/w/page/13246919/Cross%20Site%20Request%20Forgery",
"https://www.cvedetails.com/vulnerability-list/opcsrf-1/csrf.html"
]
},
{
"id": "cross_site_scripting_xss",
"remediation_advice": "1. Always treat all user input as untrusted data.\n2. Never insert untrusted data except in allowed locations.\n3. Always input or output-encode all data coming into or out of the application.\n4. Always whitelist allowed characters and seldom use blacklisting of characters except in certain use cases.\n5. Always use a well-known and security encoding API for input and output encoding such as the `OWASP ESAPI`.\n6. Never try to write input and output encoders unless absolutely necessary. Chances are that someone has already written a good one.\n7. Never use the DOM function `innerHtml` and instead use the functions `innerText` and `textContent` to prevent against DOM-based XSS.\n8. As a best practice, consider using the `HTTPOnly` flag on cookies that are session tokens or sensitive tokens.\n9. As a best practice, consider implementing `Content Security Policy` to protect against XSS and other injection type attacks.\n10. As a best practice, consider using an auto-escaping templating system.",
"references": [
"https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)",
"https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md",
"http://projects.webappsec.org/Cross-Site+Scripting",
"https://www.cvedetails.com/vulnerability-list/opxss-1/xss.html"
],
"children": [
{
"id": "trace_method",
"remediation_advice": "As the TRACE method can be utilized to bypass certain protections, consider disabling the HTTP method TRACE.",
"references": [
"https://www.owasp.org/index.php/Cross_Site_Tracing"
]
}
]
},
{
"id": "cryptographic_weakness",
"children": [
{
"id": "broken_cryptography",
"children": [
{
"id": "use_of_broken_cryptographic_primitive",
"remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensistive information. Ensure the application makes use of only trustworthy cryprographic algorithms as indicated by relevant security standard(s) and regulation(s).",
"references": [
"https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/",
"https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
]
},
{
"id": "use_of_vulnerable_cryptographic_library",
"remediation_advice": "The identification, patching, and disclosure of vulnerabilities in third-party libraries, including cryptographic libraries, is a daily occurrence. In some cases, cryptographic libraries are deemed 'broken' and deprecated. Ensure the application is updated to include the latest secure version of all third-party cryptographic libraries and replace known 'broken' cryptographic libraries with secure alternatives.",
"references": [
"https://www.ubiqsecurity.com/bouncy-castle-and-the-impact-of-cryptographic-vulnerabilities/",
"https://blog.cryptographyengineering.com/2013/09/20/rsa-warns-developers-against-its-own/"
]
}
]
},
{
"id": "incomplete_cleanup_of_keying_material",
"remediation_advice": "Ensure the application erases all non-volatile copies of sensitive cryptographic data in memory or other non-volatile storage when no longer needed by the application. Ensure the application does not retain sensitive cryptographic data in memory longer than necessary by storing the data in protected volatile storage (e.g. TPM) and open/close handles to the data upon each new invocation of the cryptographic routine.",
"references": [
"https://documentation-service.arm.com/static/624af896b059dc5ff9a8fbda"
]
},
{
"id": "insecure_implementation",
"children": [
{
"id": "improper_following_of_specification",
"remediation_advice": "As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations. When it is necessary to develop a homegrown implementation, ensure the implementation adheres to all requirements for the cryptographic parameters.",
"references": [
"https://www.rfc-editor.org/rfc/rfc7696",
"https://www.rfc-editor.org/rfc/rfc3565"
]
},
{
"id": "missing_cryptographic_step",
"remediation_advice": "Oftentimes cryptographic algorithms involve complex and time-consuming mathematical operations to ensure the security of the product (e.g. ciphertext, hash value). In some instances, such as in limited power systems, costly cryptographic steps may be skipped. As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations. When it is necessary to develop a homegrown implementation, always thoroughly review the algorithm specification and properly implement each computational step.",
"references": [
"https://www.rfc-editor.org/rfc/rfc3565",
"https://nvd.nist.gov/vuln/detail/CVE-2022-29053",
"https://www.fortiguard.com/psirt/FG-IR-22-158"
]
}
]
},
{
"id": "insecure_key_generation",
"children": [
{
"id": "improper_asymmetric_exponent_selection",
"remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon exponentiation:\n\n(a) ensure that private exponent selection allows for a sufficiently large number to be chosen; and\n(b) always use a uniquely-generated random number for the private exponent.",
"references": [
"https://medium.com/curiositypapers/a-complete-explanation-of-rsa-asymmetric-encryption-742c5971e0f",
"https://www.iacr.org/archive/eurocrypt2000/1807/18070374-new.pdf",
"https://www.rfc-editor.org/rfc/rfc8017"
]
},
{
"id": "improper_asymmetric_prime_selection",
"remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon prime numbers for public/private keypair generation:\n\n(a). ensure that prime number selection allows sufficiently large prime numbers to be represented;\n(b) ensure there is not mathematical relationship between each of the prime numbers selected; and\n(c) always use uniquely-generated random numbers for prime selection.",
"references": [
"https://medium.com/curiositypapers/a-complete-explanation-of-rsa-asymmetric-encryption-742c5971e0f",
"https://www.schneier.com/blog/archives/2022/03/breaking-rsa-through-insufficiently-random-primes.html",
"https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/",
"https://www.rfc-editor.org/rfc/rfc8017#page-36"
]
},
{
"id": "insufficient_key_space",
"remediation_advice": "Most modern cryptogaphic algorithms allow implementers to specify the length of the key used by the algorithm. If an insufficient key length is specified, an attacker can use offline brute force techniques to decrypt the ciphertext without any user input. Ensure the application specifies a sufficiently large minimum cryptographic key length as appropriate for the context or as indicated by relevant regulations and standards. As a general rule, AES-128, RSA-2048, and SHA-256 should be used, at a minimum.",
"references": [
"https://codeql.github.com/codeql-query-help/cpp/cpp-insufficient-key-size/",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
]
},
{
"id": "insufficient_key_stretching",
"remediation_advice": "Key stretching is a technique used to increase the entropy of low-entropy keys, such as user-supplied passwords. The technique is usually based on many iterative rounds of cryptographic computations upon the initial low-entropy key and brute forcing vulnerabilities arise if an insufficient number of iterations are applied. Ensure the application adheres to all relevant specification(s) and performs a sufficiently large number of iterations to render the work-factor of brute force attacks infeasible.",
"references": [
"https://link.springer.com/chapter/10.1007/BFb0030415",
"https://www.rfc-editor.org/rfc/rfc2898"
]
},
{
"id": "key_exchange_without_entity_authentication",
"remediation_advice": "When a key exchange is performed without validating the authenticity of the opposite entity, an attacker is able to impersonate a trusted entity and compromise the confidentiality of the encrypted data. Ensure the application properly verifies the identity of the opposite party during key exchange using context appropriate mechanisms, as indiciated in the relevant standard(s) and specification(s).",
"references": [
"https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf",
"https://www.rfc-editor.org/rfc/rfc6071#page-17",
"https://www.rfc-editor.org/rfc/rfc5246"
]
}
]
},
{
"id": "insufficient_entropy",
"children": [
{
"id": "initialization_vector_reuse",
"remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted. If an application reuses the same IV for multiple invocations of an encryption routine, an attacker can use this knowledge to glean the original plaintext from an encrypted stream. Ensure each invocation of an encryption routine uses a different IV.",
"references": [
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
"https://www.openssl.org/~bodo/tls-cbc.txt",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
"http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf"
]
},
{
"id": "limited_rng_entropy_source",
"remediation_advice": "1. When using the native entropy sources in a Linux environment, be sure to use /dev/random instead of /dev/urandom. This is because, in the event of depletion of the kernel entropy pool, /dev/random blocks until the level of entropy in the system entropy pool is high enough to ensure high entropy random number generation. In contrast, /dev/urandom does not block and will return low-entropy random numbers in the event of depletion of the system entropy pool.\n\n2. In Windows environments, ensure all elements of the Windows entropy pool exhibit appropriately high levels of randomness.\n\n3. In applications that require large volumes of high-entropy random numbers to be generated, consider using alternative RNGs, such as Intel's Digital Random Number Generator (DRNG).",
"references": [
"https://www.redhat.com/en/blog/understanding-random-number-generators-and-their-limitations-linux#:~:text=A%20source%20of%20entropy%20(RNG)&text=Random%20number%20generators%20or%20RNGS,unpredictable%20numbers%20as%20its%20output.",
"https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/",
"https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
"https://download.microsoft.com/download/1/c/9/1c9813b8-089c-4fef-b2ad-ad80e79403ba/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf"
]
},
{
"id": "predictable_initialization_vector",
"remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted. It is critical that it be impossible to predict the IV associated with the plaintext for any given invocation of the encryption routine. This is best achieved by using a newly-generated random number, produced by a trustworthy RNG, for each invocation of the encryption routine.",
"references": [
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
"https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
"https://www.cve.org/CVERecord?id=CVE-2011-3389"
]
},
{
"id": "predictable_prng_seed",
"remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG. Therefore, if an attacker can predict all or a portion of the seed value used to initialize the PRNG, it is possible to predict the random number stream produced by the PRNG. Per FIPS 140-3, \"Security Requirements for Cryptographic Modules,\" it is acceptable to use the output of a trustworthy PRNG as the seed value for another PRNG. Ensure applications use a randomly-generated seed value by drawing from a trustworth entropy source, such as /dev/random.",
"references": [
"https://www.sciencedirect.com/science/article/pii/S2212017316304972",
"https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://www.appmarq.com/public/robustness,1039006,CWE-336-Avoid-using-predictable-SecureRandom-Seeds"
]
},
{
"id": "prng_seed_reuse",
"remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG. Therefore, if an attacker knows the seed value used to initialize the PRNG, it is possible to determine all future random numbers produced by the PRNG. Do not use the same seed value for multiple invocations of PRNG initialization.",
"references": [
"https://www.sciencedirect.com/science/article/pii/S2212017316304972"
]
},
{
"id": "small_seed_space_in_prng",
"remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG. An insufficiently-sized seed value allows an attacker to brute force the random number stream produced by the PRNG by brute forcing all possible seed values. Ensure the value used as a PRNG seed has a length (in terms of bit size) to guarantee a sufficiently large work-factor to render such brute force attacks infeasible. As a general rule, the number of steps (iterations) required to compromise the seed value should be at least as large as the number of steps (iterations) required to compromise the cryptographic entity (e.g. key) that relies upon the PRNG.",
"references": [
"https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf",
"https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
"https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators"
]
},
{
"id": "use_of_trng_for_nonsecurity_purpose",
"remediation_advice": "1. The random number generation rate of most RNGs is limited, so it is important to draw from RNGs only when entropy is needed for security purposes.\n\n2. Applications should ensure resiliency when drawing from TRNGs by properly handling blocking conditions that may arise when the TRNG blocks due to depletion of the entropy source.\n\n3. Increase potential random number generation rate by integrating multiple, diverse, entropy sources in a secure manner.",
"references": [
"https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/",
"https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf"
]
}
]
},
{
"id": "insufficient_verification_of_data_authenticity",
"children": [
{
"id": "cryptographic_signature",
"remediation_advice": "A cryptographic signature is used to provide authenticity verification and non-repudiation of data received from another party. Depending on the application context failure to properly validate the cryptographic signature can result in vulnerabilities ranging from unauthorized information disclosure, to user impersonation, or even unauthorized code execution. Ensure the application verifies the cryptographic signature accompanying received data and deny requests containing an invalid cryptographic signature.",
"references": [
"https://www.internetsociety.org/resources/deploy360/2014/the-two-sides-of-dnssec-signing-and-validation/",
"https://vulnerabilityhistory.org/tags/89",
"https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180926-digsig.html"
]
},
{
"id": "identity_check_value",
"remediation_advice": "An Integrity Check Value (ICV) is used to ensure data has not become corrupted during transmission and may incorporate keying material to ensure message authenticity in security sensitive applications. Failure to properly validate the ICV can lead to data corruption and may allow an attacker to impersonate other senders in messages. Ensure the application validates the ICV in all received messages and adheres to the relevant specification(s) with regard to the ICV validation steps.",
"references": [
"https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf",
"https://www.rfc-editor.org/rfc/rfc4302#section-2.6",
"https://www.rfc-editor.org/rfc/rfc4302#section-3.3.3"
]
}
]
},
{
"id": "key_reuse",
"children": [
{
"id": "inter_environment",
"remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose. When the same key is used between multiple application contexts, such as different customer environments in a multi-tenancy application, an attacker can gain unauthorized access to other users' information and may be able to impersonate other users to achieve privilege escalation. Ensure the application uses unique cryptographic keys for each application context and do not reuse keys across trust zones."
},
{
"id": "intra_environment",
"remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose. When the same key is used for multiple purposes within the context of a single environment (e.g. individual customer in a multi-tenant application) an attacker can leverage knowledge of the key to gain unauthorized access to other information or privileges protected by the same key. Ensure all application components, such as information and authentication tokens, are appropriately grouped into separate trust zones and protected by separate cryptographic keys."
},
{
"id": "lack_of_perfect_forward_secrecy",
"remediation_advice": "Perfect Forward Secrecy (PFS) is a technique used to minimize the impact of compromise of an entity's longterm private key by negotiating an ephemeral keypair for each new session between two parties. Without PFS, compromise of an entity's longterm private key results in compromise of all historical and future session keys based thereupon, meaning any recorded encrypted traffic can then be decrypted. Ensure the application enables PFS for the encryption protocols implemented, as indicated by the relevant standard(s) and specification(s).",
"references": [
"https://avinetworks.com/glossary/perfect-forward-secrecy/#:~:text=Without%20perfect%20forward%20secrecy%2C%20an,primary%20secret%20with%20each%20client.",
"https://medium.com/asecuritysite-when-bob-met-alice/forward-secrecy-and-ephemeral-keys-guarding-against-data-breaches-in-the-future-b709295c6e5a",
"https://www.rfc-editor.org/rfc/rfc7525#page-18"
]
}
]
},
{
"id": "side_channel_attack",
"children": [
{
"id": "differential_fault_analysis",
"remediation_advice": "Differential fault analysis attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation can be gleaned by changes in the application's (or system's) response to specially-crafted fault conditions. To prevent such attacks, applications and systems should always revert to a known and uniform state upon the occurrence of faults. This may be achieved using a variety of methods, the effectiveness of which will vary depending upon context, such as uniform exception handling, restoration of a saved state, or system reset.",
"references": [
"https://link.springer.com/content/pdf/10.1007/BFb0052259.pdf?pdf=inline%20link",
"https://ieeexplore.ieee.org/document/6976633"
]
},
{
"id": "emanations_attack",
"remediation_advice": "Emanations attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation result in changes to the electromagnetic emanations produced by the physical system on which the application is running. Remediation of emanations leakage vulnerabilities is highly-dependent upon the application context but some general countermeasures are effective in most instances. Ensure the application's implementation of each step of cryptographic algorithm processing results in uniform use of processor cycles, power, and features. In some cases, this may involve the incorporation of less efficient code, in order to achieve a uniform emanations profile for all possible outcomes of each cryptographic step. Additionally, incorporate EMF shielding into the physical device design to reduce detectable emanations from the device.",
"references": [
"https://www.cs.tau.ac.il/~tromer/mobilesc/",
"https://www.cs.tau.ac.il/~tromer/ecdh/",
"https://eprint.iacr.org/2016/231.pdf",
"https://eprint.iacr.org/2016/129.pdf"
]
},
{
"id": "padding_oracle_attack",
"remediation_advice": "A padding oracle attack occurs when the application reveals information about the validity of padding in data provided for decryption. By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from the padding oracle to derive the encryption key. Ensure the application produces non-descript error messages when decrypting user-supplied data. Application responses also must not vary between different types of failure, such that an attacker cannot glean from the error that a padding exception has occurred.",
"references": [
"https://archiv.infsec.ethz.ch/education/fs08/secsem/Manger01.pdf",
"https://research.nccgroup.com/2021/02/17/cryptopals-exploiting-cbc-padding-oracles/",
"https://flast101.github.io/padding-oracle-attack-explained/"
]
},
{
"id": "power_analysis_attack",
"remediation_advice": "Power analysis attacks are made possible when the power consumption of a system or individual circuit is dependent upon the outcome or state of specific steps of the cryptographic algorithm implementation. Ensure the outcome of an individual step, or a group of steps, in a cryptographic algorithm implementation cannot be directly observed via the electrical state of any given circuit board trace or component. Ensure power consumption of the system as a whole is decoupled from the state of cryptographic operations performed by the system through the use of power supply capacitance measures.",
"references": [
"https://www.proquest.com/openview/45733f2da135a88fba879f038db4d319/1?pq-origsite=gscholar&cbl=18750&diss=y",
"https://web.wpi.edu/Pubs/E-project/Available/E-project-122211-215512/unrestricted/Power_analysis.pdf",
"https://eprint.iacr.org/2014/204.pdf",
"https://ieeexplore.ieee.org/document/6730921"
]
},
{
"id": "timing_attack",
"remediation_advice": "A timing attack occurs when the amount of time the application takes to complete a cryptographic operation is related to the data provided by the user. By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from this attack to derive the encryption key. Ensure the application implements constant-time cryptographic algorithms, which always take the same amount of time to complete regardless of the input.",
"references": [
"https://research.kudelskisecurity.com/2013/12/13/timing-attacks-part-1/",
"https://www.bearssl.org/constanttime.html",
"https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html"
]
}
]
},
{
"id": "use_of_expired_cryptographic_key_or_cert",
"remediation_advice": "This vulnerabily occurs when:\n\n (a). the application fails to verify the expiration date of a certificate provided by another entity has not passed;\n(b) the application fails to verify the certificate provided by another entity has not been revoked by the issuing authority; or\n(c). the application relies upon manual key management and does not provide a means of verifying the lifecycle of keys in use. Ensure the application verifies the certificate produced by the opposite entity has not expired or been revoked, and provide the application user with sufficient information about how to proceed. Ensure the application implements mechanisms to determine the lifecycle of manually-managed cryptographic keys and reject attempts to use expired keys.",
"references": [
"https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf"
]
},
{
"id": "weak_hash",
"children": [
{
"id": "lack_of_salt",
"remediation_advice": "A hash computed without the addition of a salt value is vulnerable to rainbow table attacks. To prevent such attacks, ensure a unique and randonly-generated salt value is concatenated with the plaintext prior to computing the hash.",
"references": [
"https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#salting",
"https://www.rfc-editor.org/rfc/rfc2898#page-6"
]
},
{
"id": "predictable_hash_collision",
"remediation_advice": "Hash collisions occur when a hashing algorithm generates the same hash value for two (or more) different plaintext inputs. This can be the result of mathematical errors in the algorithm itself, such those found in the MD5 and SHA-1 algorithms. Hash collisions can also occur as the result of incorrect implementation of an otherwise secure algorithm. Always ensure applications make use of unbroken and well-vetted hashing algorithms, and ensure implementations strictly adhere to the requirements of cryptographic parameters as indicated by the relevant specification(s).",
"references": [
"https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities",
"https://github.com/nim-lang/Nim/issues/10097",
"https://www.rfc-editor.org/rfc/rfc6234"
]
},
{
"id": "use_of_predictable_salt",
"remediation_advice": "When a hash is computing using a predictable salt, the protections afforded by the salt are diminished, leaving the hash vulnerable to rainbow table attacks. Always use a unique and randomly-generated value for the salt, and ensure the length of the salt (in terms of bits) is sufficiently large to prevent brute force attacks. As a general rule, salts used in cryptographic operations should be at least 8 bytes (64 bits) in length.",
"references": [
"https://www.rfc-editor.org/rfc/rfc2898#page-7"
]
}
]
}
]
},
{
"id": "data_biases",
"children": [
{
"id": "pre_existing_bias",
"remediation_advice": "Identify and correct biases in the data collection phase, and review historical data for any inherent biases that could affect outcomes.",
"references": [
"https://ai.google/responsibilities/responsible-ai-practices/"
]
},
{
"id": "representation_bias",
"remediation_advice": "Diversify data sources and ensure the dataset represents all relevant groups proportionally to prevent skewing model outcomes.",
"references": [
"https://fairmlbook.org"
]
}
]
},
{
"id": "decentralized_application_misconfiguration",
"remediation_advice": "1. Ensure that there are checks on price and liquidity changes to prevent sudden manipulation caused by flash loans.\n2. Implement replay auditing of smart contracts to detect vulnerabilities exploitable by flash loans.\n3. Ensure accurate, real-time price feeds from decentralized oracles to mitigate manipulation.\n4. Enable circuit breakers to pause the system in the event of large, suspicious transactions.",
"references": [
"https://nordlayer.com/blog/blockchain-security-issues/"
]
},
{
"id": "developer_biases",
"children": [
{
"id": "implicit_bias",
"remediation_advice": "Implement training programs to raise awareness and reduce the impact of unconscious biases among developers.",
"references": [
"https://implicit.harvard.edu/implicit/takeatest.html"
]
}
]
},
{
"id": "external_behavior",
"remediation_advice": "Whenever possible ensure that any security controls that help affect external appliations are in place.",
"children": [
{
"id": "browser_feature",
"children": [
{
"id": "aggressive_offline_caching",
"remediation_advice": "Avoid caching data unnecessarily, especially sensitive information."
},
{
"id": "autocomplete_enabled",
"remediation_advice": "As a best practice, do not have Autocomplete enabled by default."
},
{
"id": "autocorrect_enabled",
"remediation_advice": "Should the autocorrect feature cause unintended issues, disable autocorrect."
},
{
"id": "plaintext_password_field",
"remediation_advice": "As a best practice, do not allow password fields to be shown in plain text instead of masked."
},
{
"id": "save_password",
"remediation_advice": "As a best practice, do not use \"remember me\" functionality to enable users to save their passwords. Attackers find an attack vector to access the browser's built in password manager and steal the credentials of the user."
}
]
}
]
},
{
"id": "indicators_of_compromise",
"remediation_advice": ""
},
{
"id": "insecure_data_storage",
"remediation_advice": "Consider encrypting data for storage, using the strongest encryption algorithms such as AES with a minimum of a 256-bit key size.",
"references": [
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cryptographic_Storage_Cheat_Sheet.md",
"https://www.owasp.org/index.php/Top_10-2017_A3-Sensitive_Data_Exposure"
],
"children": [
{
"id": "screen_caching_enabled",
"remediation_advice": "As a best practice, consider preventing background screen caching if the application displays sensitive data."
},
{
"id": "sensitive_application_data_stored_unencrypted",
"children": [
{
"id": "on_external_storage",
"remediation_advice": "1. Never store sensitive application data unencrypted.\n2. Use the strongest encryption algorithms such as AES with a minimum of a 256-bit key size for application data storage."
}
]
},
{
"id": "server_side_credentials_storage",
"remediation_advice": "1. Never try to create your own cryptographic functions.\n2. Always use well-known, strong, and secure cryptographic API functions.\n3. Never store cleartext password strings anywhere.\n4. Always salt password strings before running through a cryptographically safe hashing algorithm.\n5. Always use a random salt for each password string.\n6. Always store the salt and the cryptographically hashed password string in an encrypted database.\n7. Never use unsafe hashing functions such as `MD5` or `SHA1` which have low key spaces and have working proofs of concept that break these hashing functions.\n8. Only use cryptographically safe hashing functions such as `SHA-256` and above.\n9. Never use unsafe encryption functions that have working proofs of concept that prove that they are broken.\n10. Only use cryptographically safe encryption functions that have a very high work factor to discourage attackers from trying to break the encryption, such as `bcrypt`, `scrypt`, and `PBKDF2`."
}
]
},
{
"id": "insecure_data_transport",
"remediation_advice": "1. Require `TLS` for all sensitive pages. Non-`TLS` requests to these pages should be redirected to the `TLS` page.\n2. Set the `Secure` flag on all sensitive cookies.\n3. Configure your `TLS` provider to only support strong (e.g., `FIPS 140-2` compliant) algorithms.\n4. Ensure your certificate is valid, not expired, not revoked, and matches all domains used by the site.\n5. Backend and other connections should also use `TLS` or other encryption technologies.",
"references": [
"https://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection"
]
},
{
"id": "insecure_os_firmware",
"children": [
{
"id": "command_injection",
"remediation_advice": "1. Avoid using shell execution functions. If unavoidable, limit their use to very specific use cases.\n2. Perform proper input validation when taking user input into a shell execution command.\n3. Use a safe API when accepting user input into the application.\n4. Escape special characters in the case where a safe API is not available.",
"references": [
"https://www.owasp.org/index.php/Top_10-2017_A1-Injection",
"https://www.owasp.org/index.php/Command_Injection",
"http://projects.webappsec.org/OS-Commanding",
"https://www.owasp.org/index.php/Injection_Prevention_Cheat_Sheet",
"https://www.cvedetails.com/vulnerability-list/opec-1/execute-code.html"
]
},
{
"id": "data_not_encrypted_at_rest",
"children": [
{
"id": "non_sensitive",
"remediation_advice": "Data within the device should be encrypted at rest, preventing the data from being viewable by a 3rd party attacker."
},
{
"id": "sensitive",
"remediation_advice": "Data within the device should be encrypted at rest, preventing the data from being viewable by a 3rd party attacker."
}
]
},
{
"id": "failure_to_remove_sensitive_artifacts_from_disk",
"remediation_advice": "Implement robust deletion functions which not only reference to the data, but write over the existing data to prevent digital forensic methods of recovery"
},
{
"id": "hardcoded_password",
"remediation_advice": "1. Never use a hardcoded password within the source code. Many times, the application can be disassembled or decompiled after it has been compiled. This will likely reveal the hardcoded password string to an attacker.\n2. Never use a password string. Instead, use a random salt per user with the password string and run it through a cryptographically strong hashing algorithm.\n3. Store the salt and the hashed password server-side and do the check there. Never check the password on the client side.",
"references": [
"https://www.owasp.org/index.php/Password_Management:_Hardcoded_Password",
"https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md"
]
},
{
"id": "kiosk_escape_or_breakout",
"remediation_advice": "1. Implement vigirous QA testing of applications prior to deployment\n2. Implement robust error logging and catching within the application to prevent crashes\n3. Initiate application restarts in the event of a application crash.\n4. Use Lower Privleged accounts with minimal permissions to lower the impact of a potential kiosk escape"
},
{
"id": "local_administrator_on_default_environment",
"remediation_advice": "The usage of Local Administrator accounts on a device is usually not nessicary for the operation, especially with embedded hardware and kiosks. Use of Lower Privleged accounts with minimal permissions and Jails lowers the impact if access by an attacker is acheved."