
You will learn about the main issues related to software and data integrity errors, including insecure data storage, software vulnerabilities, and threats from untrusted sources. It will also look at how checksums and Subresource Integrity help verify file integrity and protect web applications.
Software and data integrity errors are problems that affect trust in software and data. The main categories are:

Insecure data storage
Description: Storage of data without proper protection or verification.
Example: Data stored in unencrypted form, which may be accessible to attackers.

Software vulnerabilities
Description: Vulnerabilities in software that allow its integrity to be modified or compromised.
Example: Insecure management of code updates or modifications, which could allow attackers to inject malicious code.

Untrusted sources
Description: Using data from untrusted or unsecured sources.
Example: Using data from unverified or unreliable sources, which may lead to abuse or errors.
Checksums are short values computed from other digital data and used to verify the integrity of files. They help ensure that data has not been altered or corrupted.
Checksums are usually provided as hashes. With them, you can check whether a file remained unchanged during download or transfer.
Example:
The checksum generated by this command is compared with the official checksum published by the software's distributor to verify the integrity of the downloaded file.
Checksums can be bypassed if an attacker is able to modify both the file and its checksum, for example in a MITM (man-in-the-middle) attack.
In this case, the attacker replaces the file and computes a new checksum for the modified file. The attacker then replaces the published checksum as well, hiding the fact that the file has been swapped. A checksum obtained over the same channel as the file therefore protects against accidental corruption, not against deliberate substitution.
APT (Advanced Package Tool) and Brew
APT is a package management system for Debian-based distributions such as Ubuntu. Some software may require you to update the source list for apt, others may require you to download and install a .deb package, and some may come as archives with already compiled binaries. Make sure you download everything from official sources.
Brew (for macOS) works in a similar way, providing easy software installation and updates.
Composer is a PHP dependency management tool. Packages are not always available on Packagist; in that case, you can add additional sources in the Composer settings if you are sure they are reliable. It is also recommended to use shasum for integrity checking.
NPM (Node Package Manager) and Yarn are tools for managing dependencies in Node.js. They make it easy to install, update, and remove packages.
Check for SRI usage: Determine if integrity attributes are used in your web application’s resources. Use your browser’s developer tools to check the <script> and <link> tags for this attribute.
Attacking resources without SRI: If you find that a web application does not use SRI for critical resources, try to change the resources (for example, through CDN attacks) and see if malicious code can be executed.
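As an added example (not code from the original page), the following Python ties the checksum discussion above to the SRI check: it computes the value an integrity attribute carries, applies the browser's matching rule, and audits a constructed page against both a clean and a tampered CDN. The URLs and file contents are constructed stand-ins; a resource without an integrity attribute is exactly the case where a swapped file goes unnoticed.

```python
import base64
import hashlib
import hmac
import re

# Constructed stand-ins for files served by a hypothetical CDN (no network access).
LIB, CSS = "https://cdn.example.invalid/lib.js", "https://cdn.example.invalid/style.css"
GOOD = {LIB: b"window.lib = {version: '1.0'};", CSS: b"body { margin: 0; }"}
# Simulated CDN compromise or MITM: every file comes back modified.
TAMPERED = {url: b"/* injected */" + body for url, body in GOOD.items()}

def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Value a browser expects in integrity="...": <alg>-<base64 digest>."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def verify_sri(data: bytes, integrity: str) -> bool:
    """Browser rule: only tokens of the strongest listed algorithm are checked."""
    rank = {"sha256": 1, "sha384": 2, "sha512": 3}
    tokens = [t.split("-", 1) for t in integrity.split() if "-" in t]
    tokens = [(alg, b64) for alg, b64 in tokens if alg in rank]
    strongest = max((rank[alg] for alg, _ in tokens), default=0)  # 0: none usable
    return any(hmac.compare_digest(sri_hash(data, alg), f"{alg}-{b64}")
               for alg, b64 in tokens if rank[alg] == strongest)

TAG_RE = re.compile(r"<(script|link)\b([^>]*)>", re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

def audit_page(html: str, fetch) -> dict:
    """Map each external resource URL to 'ok', 'mismatch' or 'missing' (no SRI)."""
    report = {}
    for tag, attrs in TAG_RE.findall(html):
        a = dict(ATTR_RE.findall(attrs))
        url = a.get("src") if tag.lower() == "script" else a.get("href")
        if not url:
            continue
        if "integrity" not in a:
            report[url] = "missing"  # tampering here would go unnoticed
        else:
            report[url] = "ok" if verify_sri(fetch(url), a["integrity"]) else "mismatch"
    return report

# Constructed page: the script carries SRI, the stylesheet does not.
SAMPLE_HTML = (
    f'<script src="{LIB}" integrity="{sri_hash(GOOD[LIB])}" crossorigin="anonymous">'
    f'</script>\n<link rel="stylesheet" href="{CSS}">\n'
)
```

Running audit_page(SAMPLE_HTML, GOOD.__getitem__) reports the script as ok and the stylesheet as missing; with TAMPERED.__getitem__ the script becomes mismatch while the stylesheet still only reports missing, because nothing can detect the swap.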