[MASWE-0023] Weak Padding #2922

Merged
merged 21 commits into from
Jan 16, 2025
a4d6067
Added MASWE-0019.md
jmariasantosdekra Aug 5, 2024
6d2ee8e
Removed blank spaces from MASWE-0019.md
jmariasantosdekra Aug 5, 2024
d09e475
Added newline at the end of MASWE-0019.md
jmariasantosdekra Aug 5, 2024
611a6df
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
45ad705
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
531a37a
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
49dadc5
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
f7fe868
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
ed95b33
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
ff7dff2
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
jmariasantosdekra Sep 4, 2024
9b7a164
Update MASWE-0019.md
jmariasantosdekra Sep 4, 2024
722d802
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
cpholguera Sep 4, 2024
903993b
Merge branch 'OWASP:master' into master
jmariasantosdekra Oct 15, 2024
b660943
Merge branch 'OWASP:master' into master
jmariasantosdekra Oct 28, 2024
61a1fb5
Added MASWE-0023.md content
jmariasantosdekra Oct 28, 2024
8adaaea
Removed newlines and blank spaces
jmariasantosdekra Oct 28, 2024
74d6df0
Added final blankspace
jmariasantosdekra Oct 28, 2024
0f3b756
Update weaknesses/MASVS-CRYPTO/MASWE-0023.md
jmariasantosdekra Jan 10, 2025
336a22f
Update MASWE-0023.md
jmariasantosdekra Jan 10, 2025
06ea678
Update MASWE-0023.md
jmariasantosdekra Jan 14, 2025
3251f66
remove some unneeded points
cpholguera Jan 16, 2025
Update weaknesses/MASVS-CRYPTO/MASWE-0019.md
Co-authored-by: Carlos Holguera <perezholguera@gmail.com>
jmariasantosdekra and cpholguera authored Sep 4, 2024
commit 49dadc5734ccbea3ca0a652d2ab50f9fe99fcff6
9 changes: 5 additions & 4 deletions weaknesses/MASVS-CRYPTO/MASWE-0019.md
@@ -35,10 +35,11 @@ The impact associated with such defects can be very broad and difficult to predi

## Modes of Introduction

Weak, outdated or custom cryptographic algorithms can be found in several areas:

- **App Source Code**: In modules where cryptographic algorithms are used.
- **Libraries**: Third-party or app dependencies where cryptographic algorithms are imported.
- **Deviation from standard libraries**: Not using well-known libraries for cryptography, such as those provided by the platforms like Conscrypt or CryptoKit, or other well-established libraries like OpenSSL, BouncyCastle, etc.
- **Use of cryptographic constants**: Hardcoded cryptographic constants are typically used to implement cryptographic algorithms. These constants include S-boxes (substitution boxes) for block ciphers, permutation tables, etc.
- **Use of low-level mathematical operations**: Low-level mathematical operations (such as bitwise operations, shifts, custom padding schemes) typically used in cryptographic algorithms.
- **High entropy code**: An indicator of cryptographic implementations or heavily obfuscated code that may hide cryptographic algorithms from reverse engineering.
- **Use of non-cryptographic functions**: Non-cryptographic functions such as Base64 encoding or XOR instead of encryption.

## Mitigations
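
Review bot: The "Use of low-level mathematical operations" bullet is a sentence fragment with no main verb, and it lists "custom padding schemes" among mathematical operations next to bitwise operations and shifts, although a padding scheme is a construction rather than an operation. Suggest something like "Low-level operations (such as bitwise operations and shifts) or custom padding schemes can indicate a hand-written cryptographic implementation." Related to this, the lead-in says these algorithms "can be found in several areas", but only the first two bullets (App Source Code, Libraries) name areas; the remaining five describe indicators of a custom or weak implementation, so either reword the lead-in or split the list in two. Minor wording: in the "Deviation from standard libraries" bullet, "provided by the platforms like Conscrypt or CryptoKit" reads more clearly as "platform-provided libraries such as Conscrypt or CryptoKit", and "High entropy code" should be hyphenated as "High-entropy code".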