OWASP Top 10

| Number | Category | Description |
|---|---|---|
| 1. | Broken Access Control | Restrictions are not appropriately implemented to prevent users from accessing other users' accounts, viewing sensitive data, accessing unauthorized functionality, modifying data, etc. |
| 2. | Cryptographic Failures | Failures related to cryptography, which often lead to sensitive data exposure or system compromise. |
| 3. | Injection | User-supplied data is not validated, filtered, or sanitized by the application. Some examples of injection are SQL injection, command injection, LDAP injection, etc. |
| 4. | Insecure Design | These issues happen when the application is not designed with security in mind. |
| 5. | Security Misconfiguration | Missing appropriate security hardening across any part of the application stack, insecure default configurations, open cloud storage, verbose error messages which disclose too much information. |
| 6. | Vulnerable and Outdated Components | Using components (both client-side and server-side) that are vulnerable, unsupported, or out of date. |
| 7. | Identification and Authentication Failures | Authentication-related attacks that target users' identity, authentication, and session management. |
| 8. | Software and Data Integrity Failures | Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). |
| 9. | Security Logging and Monitoring Failures | This category is to help detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected. |
| 10. | Server-Side Request Forgery (SSRF) | SSRF flaws occur whenever a web application fetches a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application into sending a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL). |
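The SSRF entry above turns on one check: validating the user-supplied URL before the server fetches it. The following validator is an added example written for this page, not OWASP code; the host allowlist and the `resolve` hook (injected so the check can be exercised without network access) are assumptions. It rejects non-HTTP schemes, embedded credentials, hosts outside the allowlist, and any host that resolves to a non-public address.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist of upstream hosts this application legitimately fetches from (assumption).
ALLOWED_HOSTS = {"images.example.com", "api.partner.example"}
ALLOWED_SCHEMES = {"http", "https"}


def _resolve(host):
    """Resolve a hostname to the set of IP address strings it maps to (real DNS)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_fetch_url(url, resolve=_resolve):
    """Return True only if the server may fetch `url` on a user's behalf.

    Checks, in order: scheme allowlist, no user:password in the authority,
    exact host allowlist, and that every address the host resolves to is
    globally routable (not loopback, private, link-local or reserved).
    Resolving here catches an allowed name that points at an internal
    address; the real fetch should reuse the resolved IP, not re-resolve.
    """
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if parts.username or parts.password:
        return False
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False
    try:
        addrs = resolve(host)
    except OSError:  # resolution failure: fail closed
        return False
    if not addrs:
        return False
    # Every resolved address must be public; a single internal record is enough to refuse.
    return all(ipaddress.ip_address(a).is_global for a in addrs)
```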
