Home > cards > CX

CORNUCOPIA (CX)

Spyros can circumvent the application's controls because code frameworks, libraries and components contain malicious code or vulnerabilities (e.g. in-house, commercial off the shelf, outsourced, open source, externally-located)

CORNUCOPIA

10

Spyros can circumvent the application's controls because code frameworks, libraries and components contain malicious code or vulnerabilities (e.g. in-house, commercial off the shelf, outsourced, open source, externally-located)

OWASP SCP

57,151,152,204,205,213,214

OWASP ASVS

1.14.3,10.1.1,10.2.3,10.2.4,10.2.5,10.2.6,14.2.1

OWASP AppSensor

CAPEC

-

SAFECODE

15

CORNUCOPIA

10

Spyros can circumvent the application's controls because code frameworks, libraries and components contain malicious code or vulnerabilities (e.g. in-house, commercial off the shelf, outsourced, open source, externally-located)

OWASP SCP

57,151,152,204,205,213,214

OWASP ASVS

1.14.3,10.1.1,10.2.3,10.2.4,10.2.5,10.2.6,14.2.1

OWASP AppSensor

CAPEC

-

SAFECODE

15

NB: The key concept for this card is software hardening, configuration and patching. See C 8 instead for host/network environment hardening, configuration and patching.

Mappings

OWASP ASVS (4.0): 1.14.3 ,10.1.1 ,10.2.3 ,10.2.4 ,10.2.5 ,10.2.6 ,14.2.1

Capec: 68 ,438 ,439 ,442 ,524 ,538

OWASP SCP: 57,151,152,204,205,213,214

OWASP Appsensor:

Safecode: 15

ASVS (4.0) Cheatsheetseries Index

ASVS V1.14 - Configuration Architectural Requirements

ASVS V10.1 - Code Integrity Controls

ASVS V10.2 - Malicious Code Search

ASVS V14.2 - Dependency

No suitable mappings were found.

Attacks

Cross-Site Scripting (XSS)

Command Injection

Privilege escalation

Insider Threats

Session Hijacking (Man-in-the-Middle)

View source on GitHub