From the course: Learning the OWASP Top 10 (2025 Version)
Defending against software and data integrity failures
When OWASP talks about software and data integrity failures, it's really calling out a trust problem: specifically, what happens when systems trust code, updates, dependencies, or data without continuously verifying that trust. Defending against this category means shifting from "we assume this is safe" to "we prove this is safe every time." Let's start with code signing and artifact integrity, because this is often the first control most people think of. Code signing is essential, but it's not sufficient on its own. Signing tells you who produced an artifact, not how it was produced or whether the build process was compromised. Effective defense means protecting signing keys, signing artifacts at the correct stage of the pipeline, and validating signatures at every point of use: during deployment, dynamic loading, and update installation. Anything unsigned, improperly signed, or unexpectedly changed should be treated as untrusted by default. That brings us to secure build systems and…
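To make the "validate at every point of use" rule concrete, here is an added example (not code from the course) showing the two halves of artifact integrity: a release stage that signs a build output, and a point-of-use check that rejects anything unsigned, anything whose content changed after signing, and anything signed by a key other than the pinned publisher key. It uses Ed25519 from the Go standard library; the `Artifact` type, the sample content and the helper names are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Artifact is a constructed, in-memory stand-in for a build output
// (binary, container layer, update package) plus its detached signature.
type Artifact struct {
	Name      string
	Content   []byte
	Signature []byte // empty means "unsigned"
}

var (
	ErrUnsigned = errors.New("artifact is unsigned")
	ErrBadSig   = errors.New("signature does not verify against the trusted publisher key")
)

// NewPublisherKey creates the publisher's signing key pair. In a real
// pipeline the private half lives in an HSM or KMS, never in a build log.
func NewPublisherKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignArtifact is what the release stage does with the private key.
// The SHA-256 digest of the content is signed rather than the raw bytes
// so the same scheme works for large artifacts.
func SignArtifact(priv ed25519.PrivateKey, a *Artifact) {
	digest := sha256.Sum256(a.Content)
	a.Signature = ed25519.Sign(priv, digest[:])
}

// VerifyArtifact is the check run at every point of use (deploy, dynamic
// load, update install). Only the pinned publisher public key is trusted;
// unsigned or modified artifacts are rejected by default.
func VerifyArtifact(pub ed25519.PublicKey, a Artifact) error {
	if len(a.Signature) == 0 {
		return ErrUnsigned
	}
	digest := sha256.Sum256(a.Content)
	if !ed25519.Verify(pub, digest[:], a.Signature) {
		return ErrBadSig
	}
	return nil
}

func main() {
	pub, priv, err := NewPublisherKey()
	if err != nil {
		panic(err)
	}

	// Constructed sample artifact.
	art := Artifact{Name: "service-v1.2.3", Content: []byte("constructed build output")}
	fmt.Println("unsigned:", VerifyArtifact(pub, art))

	SignArtifact(priv, &art)
	fmt.Println("signed by trusted key:", VerifyArtifact(pub, art))

	// Content changed after signing (e.g. modified in transit or on disk).
	tampered := art
	tampered.Content = []byte("constructed build output, modified after signing")
	fmt.Println("modified after signing:", VerifyArtifact(pub, tampered))

	// Valid signature, but from a key we do not trust: signing alone
	// proves who signed, which is only useful if that identity is pinned.
	_, otherPriv, _ := NewPublisherKey()
	rogue := Artifact{Name: art.Name, Content: art.Content}
	SignArtifact(otherPriv, &rogue)
	fmt.Println("signed by untrusted key:", VerifyArtifact(pub, rogue))
}
```

The design point is that `VerifyArtifact` is the only way an artifact becomes trusted, so the same function can be called at deploy time, at plugin-load time and before an update is applied; the fourth case shows why the verifier must pin a specific publisher key rather than accept any syntactically valid signature.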