Kingdom: Environment

This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.

Insecure Deployment: Known Framework Fingerprint

Abstract
Knowledge of the framework used to build the application can allow attackers to devise attacks that target vulnerabilities specific to the detected framework.
Explanation
Attackers can fingerprint frameworks used for constructing an application based on features such as file extensions and URI patterns. This information can help an attacker to:
1. Probe for known framework vulnerabilities
2. Target weaknesses known to commonly plague applications built on top of the detected framework
3. Exploit insecure use of features specific to the detected framework
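A self-audit for the file-extension and URI-pattern markers described above, as an added example that is not part of the original page: it checks an application's own route inventory for paths that reveal the framework. The marker table, function names and sample routes are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed marker table (not from the page): conventional extensions and
# URI prefixes. Replace it with the markers of the stack actually deployed.
EXTENSION_MARKERS = {".do": "Apache Struts 1", ".action": "Apache Struts 2",
                     ".jsf": "JavaServer Faces", ".aspx": "ASP.NET Web Forms"}
PREFIX_MARKERS = {"/wp-content/": "WordPress", "/wp-admin/": "WordPress",
                  "/actuator/": "Spring Boot Actuator"}

# Constructed route inventory, e.g. exported from a router or a sitemap.
SAMPLE_ROUTES = [
    "https://shop.example.test/login.do?next=/cart",
    "/cart/Checkout.action;jsessionid=ABC123",   # path parameter after the extension
    "/blog/wp-content/themes/site/style.css",    # application mounted under /blog
    "/api/v1/orders/42",
    "/static/app.js",
    "/reports/archive.do.bak/summary",           # ".do" is not in the final segment
]


def classify(url):
    """Return the set of frameworks that one URL or path reveals."""
    path = urlsplit(url).path.lower()
    hits = {fw for prefix, fw in PREFIX_MARKERS.items() if prefix in path}
    # Only the final segment carries a file extension; drop ";param" suffixes.
    last = path.rsplit("/", 1)[-1].split(";", 1)[0]
    dot = last.rfind(".")
    if dot != -1 and last[dot:] in EXTENSION_MARKERS:
        hits.add(EXTENSION_MARKERS[last[dot:]])
    return hits


def audit(urls):
    """Map each revealed framework to the sorted paths that reveal it."""
    report = defaultdict(set)
    for url in urls:
        for fw in classify(url):
            report[fw].add(urlsplit(url).path)
    return {fw: sorted(paths) for fw, paths in report.items()}


if __name__ == "__main__":
    for fw, paths in sorted(audit(SAMPLE_ROUTES).items()):
        print(f"{fw}: {len(paths)} route(s)")
        for p in paths:
            print(f"  {p}")
```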
References
[1] Standards Mapping - OWASP Mobile 2024 M2 Inadequate Supply Chain Security
[2] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 10.2 - Threat and Vulnerability Management
[3] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 10.2 - Threat and Vulnerability Management
[4] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 10.2 - Threat and Vulnerability Management, Control Objective C.1.6 - Web Software Components & Services
[5] Standards Mapping - Web Application Security Consortium Version 2.00 Fingerprinting (WASC-45)