OWASP In Depth: A08:2021 – Software and Data Integrity Failures
It's a three-in-one for the third-to-last entry in our OWASP Top 10 series!
Greetings friends! I hope you found last week’s Identification and Authentication Failures interesting. This week we’re going for a three-in-one with Software and Data Integrity Failures. It sounds like it covers one or two topics, but the notes over on the OWASP Top 10 guide make it pretty clear there are three main areas we need to be aware of, so we’ll cover each in turn.
Last week I announced my new course, Practical Laravel Security, and I’m excited to let you know I’ve opened up presales for the course, so now is the time to get it at a discounted rate! (Email me for presale team pricing, if you’re interested in signing up your whole team.) I’ve also updated the website with the course outline to give you a feel for what it’ll include. Also of note, the FAQs section answers the question: What about Laravel Security in Depth?
A08:2021 – Software and Data Integrity Failures
This was a new category added to the OWASP Top 10 in 2021, and like some of the other topics, it covers a broad range of risks. After a couple of readings of the official guide, I’ve identified three main topics which I believe we need to be aware of:
Secure your infrastructure
Secure your dependencies
Secure your objects
You’ll note that one of these is not like the others, and I’ll explain below how “objects” fit into the bigger picture.
Let’s look at each in turn and discuss the practical steps we need to take as Laravel developers to avoid Software and Data Integrity Failures in our apps.
Secure Your Infrastructure