Application API Message Manipulation via Man-in-the-Middle |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Transaction or Event Tampering via Application API Manipulation |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Application API Navigation Remapping |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Navigation Remapping To Propagate Malicious Content |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Application API Button Hijacking |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|