| Application API Message Manipulation via Man-in-the-Middle |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |

| Transaction or Event Tampering via Application API Manipulation |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |

| Application API Navigation Remapping |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |

| Navigation Remapping To Propagate Malicious Content |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |

| Application API Button Hijacking |
| CWE-311 | Missing Encryption of Sensitive Data |
| CWE-345 | Insufficient Verification of Data Authenticity |
| CWE-346 | Origin Validation Error |
| CWE-471 | Modification of Assumed-Immutable Data (MAID) |
| CWE-602 | Client-Side Enforcement of Server-Side Security |