SiteShadow

CWE-657 Violation of Secure Design Principles

What this means

SiteShadow flagged patterns that suggest insecure design choices rather than a single bug. This usually means a feature is built in a way that makes it easy to misuse (or hard to secure) across the system.

Why it matters

Insecure design choices create systemic risk: the same flaw is repeated wherever the pattern is reused, so it cannot be closed with a single point fix and must be corrected at the design level.

Safer examples

1) "Secure by default" for new features

Make the safe behavior the default (auth required, least privilege, strict validation), and require explicit opt-in for risky behavior.

2) Define trust boundaries and enforce them

Treat all client input as untrusted; re-check authorization server-side; avoid client-controlled "critical state" (see CWE-501 / CWE-642).
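The two principles above (safe defaults with explicit opt-in, and server-side authorization that ignores client-controlled "critical state") are easiest to see side by side in code. The following is an added example, not SiteShadow's code: a toy request dispatcher in which every route requires authentication and a role unless the developer explicitly passes `public=True`, and in which authority comes only from the server-side session. All names (`Router`, `Request`, `Session`, the sample routes) are hypothetical, and the requests are constructed inline so the file runs offline.

```python
"""
Added example (not SiteShadow's code) of two secure-design principles:

  1) secure by default  -> every route requires authentication and a role
     unless the developer opts in with public=True;
  2) trust boundaries   -> authorization is decided from the server-side
     session, never from fields the client sends.

Router, Request, Session and the routes below are hypothetical names;
the requests in demo() are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    user_id: str
    roles: Tuple[str, ...]   # established server-side at login, not by the client


@dataclass
class Request:
    path: str
    body: Dict[str, object] = field(default_factory=dict)  # untrusted input
    session: Optional[Session] = None                       # None = anonymous


@dataclass
class Response:
    status: int
    body: str


class Router:
    def __init__(self):
        self._routes = {}

    def route(self, path, *, public=False, roles=("user",)):
        """Register a handler. Defaults are the safe choice: auth required and
        the 'user' role needed. Exposing a route without auth is an explicit,
        visible opt-in (public=True) that stands out in code review."""
        def register(handler):
            self._routes[path] = (handler, public, tuple(roles))
            return handler
        return register

    def dispatch(self, req):
        entry = self._routes.get(req.path)
        if entry is None:
            return Response(404, "not found")
        handler, public, roles = entry
        if not public:
            # Authorization uses only the server-side session.
            if req.session is None:
                return Response(401, "authentication required")
            if not any(r in req.session.roles for r in roles):
                return Response(403, "forbidden")
        return handler(req)


router = Router()


# Insecure design: the handler trusts a client-supplied 'is_admin' flag,
# i.e. client-controlled critical state. Kept only to show the pattern
# SiteShadow flags; the hardened version is delete_user() below.
def delete_user_insecure(req):
    if req.body.get("is_admin"):
        return Response(200, f"deleted {req.body.get('target')}")
    return Response(403, "forbidden")


# Secure design: the route declaration decides who may call it, based on the
# server-side session; nothing in the request body carries authority.
@router.route("/admin/delete_user", roles=("admin",))
def delete_user(req):
    return Response(200, f"deleted {req.body.get('target')}")


@router.route("/health", public=True)   # explicit opt-in for an unauthenticated route
def health(req):
    return Response(200, "ok")


def demo():
    """Dispatch a few constructed requests and return the status codes."""
    anon = Request("/admin/delete_user", {"is_admin": True, "target": "bob"})
    ordinary = Request("/admin/delete_user", {"is_admin": True, "target": "bob"},
                       Session("alice", ("user",)))
    admin = Request("/admin/delete_user", {"target": "bob"}, Session("root", ("admin",)))
    return {
        "insecure_anon": delete_user_insecure(anon).status,   # 200: client flag was trusted
        "anon": router.dispatch(anon).status,                  # 401: no session
        "ordinary": router.dispatch(ordinary).status,          # 403: is_admin in body is ignored
        "admin": router.dispatch(admin).status,                # 200: role comes from the session
        "health": router.dispatch(Request("/health")).status,  # 200: explicitly public
        "unknown": router.dispatch(Request("/nope")).status,   # 404
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The point of the `Router` design is that the safe path costs the developer nothing: forgetting to specify anything yields an authenticated, role-checked route, while the risky choice has to be spelled out. The contrast between `delete_user_insecure` and `delete_user` shows why re-checking authorization server-side matters: the same request body that the insecure handler accepts is rejected by the router because the client's `is_admin` field never enters the decision.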

3) Use threat modeling for high-risk flows

Payments, auth/session, file handling, and admin capabilities should have a basic threat model and abuse-case tests.

How SiteShadow detects it (high level)

References
