Security Features
This kingdom covers the wrong usage of security functions: cryptographic functions, authentication functions, authorization functions, and so on, applied in a way that defeats the protection they were meant to provide.
Examples
- Insecure randomness
- Using insecure pseudo-random number generators (PRNGs) like rand() (C), Math.random() (JavaScript), etc., resulting in weak random numbers.
- Incomplete access control
- A program does not consistently check whether a user is authorized to perform an action.
- Weak encryption
- Communication protocols that still support older algorithms known to be insecure (e.g. DES, RC4, MD5, SHA-1).
- Insecure hashing...