CAPEC-690 Metadata
Likelihood of Attack
Medium
Typical Severity
High
Overview
Summary
An adversary alters the metadata of a resource (e.g., file, directory, repository, etc.) to present a malicious resource as legitimate/credible.
Prerequisites
Identification of a resource whose metadata is to be spoofed
Potential Solutions / Mitigations
Validate metadata of resources such as authors, timestamps, and statistics. Confirm the pedigree of open source packages and ensure the code being downloaded does not originate from another source. Even if the metadata is properly checked and a user believes it to be legitimate, there may still be a chance that they've been duped. Therefore, leverage automated testing techniques to determine where malicious areas of the code may exist.
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.