Menu Icon

Cobalt Vulnerability Wiki

Cobalt Vulnerability Wiki


Toggle Arrow IconV2 - AuthenticationToggle Arrow IconV3 - Session ManagementToggle Arrow IconV4 - Access ControlToggle Arrow IconV5 - Validation/SanitizationToggle Arrow IconV6 - CryptographyToggle Arrow IconV7 - Error LoggingToggle Arrow IconV8 - Data ProtectionToggle Arrow IconV9 - CommunicationsToggle Arrow IconV10 - Malicious Code
Subdomain Takeover
Toggle Arrow IconV11 - Business LogicToggle Arrow IconV12 - Files ResourcesToggle Arrow IconV13 - APIToggle Arrow IconV14 - Config
Arrow Left

V10 - Malicious Code

Ensure that code satisfies the following high level requirements:

• Malicious activity is handled securely and properly to not affect the rest of the application.

• Does not have time bombs or other time-based attacks.

• Does not "phone home" to malicious or unauthorized destinations.

• Does not have back doors, Easter eggs, salami attacks, rootkits, or unauthorized code that can be controlled by an attacker.

Finding malicious code is proof of the negative, which is impossible to completely validate. Best efforts should be undertaken to ensure that the code has no inherent malicious code or unwanted functionality.

Ready to get started?

our platformschedule a demo
Aircall logoAlgolia logoCangageCredit KarmaDattoEgnyteHubspotMovinimageMulesoftPendoSentaraSmarshSnowSolarisTalkdeskVerifoneKubraAxel SpringerNuna

Join some of these great clients we're proud to have helped