Application Software

• TID-301 - Applications Binaries Modified
• TID-302 - Install Untrusted Application
• TID-303 - Excessive Trust in Offboard Management/IDE Software
• TID-304 - Manipulate Runtime Environment
• TID-305 - Program Executes Dangerous System Calls
• TID-306 - Sandboxed Environments Escaped
• TID-307 - Device Code Representations Inconsistent
• TID-308 - Code Overwritten to Avoid Detection
• TID-309 - Device Exploits Engineering Workstation
• TID-310 - Remotely Accessible Unauthenticated Services
• TID-328 - Hardcoded Credentials
• TID-311 - Default Credentials
• TID-312 - Credential Change Mechanism Can Be Abused
• TID-313 - Unauthenticated Session Changes Credential
• TID-314 - Passwords Can Be Guessed Using Brute-Force Attempts
• TID-315 - Password Retrieval Mechanism Abused
• TID-316 - Incorrect Certificate Verification Allows Authentication Bypass
• TID-317 - Predictable Cryptographic Key
• TID-318 - Insecure Cryptographic Implementation
• TID-319 - Cross Site Scripting (XSS)
• TID-320 - SQL Injection
• TID-321 - HTTP Application Session Hijacking
• TID-322 - Cross Site Request Forgery (CSRF)
• TID-323 - HTTP Path Traversal
• TID-324 - HTTP Direct Object Reference
• TID-325 - HTTP Injection/Response Splitting
• TID-326 - Insecure Deserialization
• TID-327 - Out of Bounds Memory Access
• TID-329 - Improper Password Storage
• TID-330 - Cryptographic Timing Side-Channel