What you'll learn

Modern applications are a collection of open-source libraries, third-party services, serialized data, and automated pipelines. Without integrity controls, any one of these components can be modified, replaced, or injected with malicious content, turning trusted software into an attack vector. Incidents like SolarWinds, Codecov, and the Equifax breach demonstrate the devastating consequences of integrity failures across code, data, and deployment processes. In this course, OWASP: Software or Data Integrity Failures, you'll learn how to identify and defend against integrity-related vulnerabilities across the software lifecycle. First, you'll explore how integrity failures occur, examining insecure deserialization, unverified auto-updates, and build-chain compromises that allow attackers to inject malicious code into trusted systems. Next, you'll discover how to implement integrity verification techniques, including checksums, digital signatures, code signing, and dependency management, to ensure only validated components enter your applications.

Finally, you'll learn how to secure CI/CD workflows using signed commits, trusted repositories, and change-validation gates to prevent unauthorized modifications from reaching production.

When you're finished with this course, you'll have the skills and knowledge of software and data integrity needed to protect your applications, pipelines, and data flows from tampering, ensuring that what you build and deploy is exactly what you intended.