Application Software
- TID-301: Applications Binaries Modified
- TID-302: Install Untrusted Application
- TID-303: Excessive Trust in Offboard Management/IDE Software
- TID-304: Manipulate Runtime Environment
- TID-305: Program Executes Dangerous System Calls
- TID-306: Sandboxed Environments Escaped
- TID-307: Device Code Representations Inconsistent
- TID-308: Code Overwritten to Avoid Detection
- TID-309: Device Exploits Engineering Workstation
- TID-310: Remotely Accessible Unauthenticated Services
- TID-311: Default Credentials
- TID-312: Credential Change Mechanism Can Be Abused
- TID-313: Unauthenticated Session Changes Credential
- TID-314: Passwords Can Be Guessed Using Brute-Force Attempts
- TID-315: Password Retrieval Mechanism Abused
- TID-316: Incorrect Certificate Verification Allows Authentication Bypass
- TID-317: Predictable Cryptographic Key
- TID-318: Insecure Cryptographic Implementation
- TID-319: Cross Site Scripting (XSS)
- TID-320: SQL Injection
- TID-321: HTTP Application Session Hijacking
- TID-322: Cross Site Request Forgery (CSRF)
- TID-323: Path Traversal
- TID-324: HTTP Direct Object Reference
- TID-325: HTTP Injection/Response Splitting
- TID-326: Insecure Deserialization
- TID-327: Out of Bounds Memory Access
- TID-328: Hardcoded Credentials
- TID-329: Improper Password Storage
- TID-330: Cryptographic Timing Side-Channel