Insecure whitelist configuration

Insecure whitelist configuration

Risk: hardening

Description

The application's whitelist allows unrestricted access to all resources*.

Recommendation

Cordova offers a powerful security model to provide developers with the tools to prevent unauthorized access and Cross-Site Scripting vulnerabilities.

Cordova whitelist manages network security access and must authorize explicitly accessible resources only.

Links

• Cordova Security Whitelist and Content Security Policy Guide
• Apache Cordova CVE-2015-5256
• Apache Cordova CVE-2015-1835

Standards

• OWASP_MASVS_L1:
  • MSTG_PLATFORM_1
• OWASP_MASVS_L2:
  • MSTG_PLATFORM_1
• PCI_STANDARDS:
  • REQ_2_2
  • REQ_6_2
  • REQ_6_3
  • REQ_7_3
  • REQ_11_3