A08 — Software & Data Integrity Secure

Secure idea: verify the update archive’s sha256 (and/or a detached signature) before installing. Reject mismatches and log decisions.

1. Click Install Verified Update — it checks updates/update_v1.sha256 (and .sig if present).
2. Compare with the insecure page where it installs blindly.

Secure idea: reject PHP-serialized blobs; accept **JSON only** and validate against an allowlist of fields/types before use.

1. Submit safe JSON (e.g., {"action":"greet","name":"Alice"}).
2. Try to submit a PHP-serialized payload — it will be blocked.

Secure idea: load configs from a trusted channel and require a valid HMAC/signature (e.g., data/config.json + config.json.hmac). Refuse unverified content.

1. Click Load Verified Config to see the parsed, signed settings.
2. On the insecure page, unverified remote JSON is applied blindly.

Secure idea: only load approved plugins by ID + hash from an allowlist, verify content hash, and store/execute outside the webroot via a safe wrapper.

1. Select a plugin file (e.g., a harmless PHP stub) and provide its allowed plugin_id.
2. Secure loader will verify against plugin_loader/allowlist.json before loading.

Secure idea: require a signed manifest/attestation for release bundles before deploy; verify all file hashes, then stage into /cicd/releases.

1. Upload a build zip + manifest (and signature if you wire one in) to the secure deployer.
2. It verifies manifest integrity and logs the outcome.