OWASP Top 10
What is the OWASP top 10?
OWASP stands for Open Worldwide Application Security Project. This non-profit foundation works to improve software security. They have published a top 10 list that acts as an awareness document for developers. It represents a broad consensus about the most critical security risks.
Our goal at Snyk Learn is to educate developers and one way we do that is by covering the OWASP top 10 list. By completing the modules below, you will have taken steps toward creating more secure applications and having a better understanding of security risks!
Broken access control
Access control ensures users operate only within their authorized permissions. When it fails, it can allow unauthorized data access, modification, destruction, or execution of actions beyond a user’s intended privileges.
Security misconfiguration
Security misconfiguration occurs when a system, application, or cloud service is improperly configured, resulting in security vulnerabilities.
Software Supply Chain Failures
Software supply chain failures occur when the processes used to build, distribute, or update software are disrupted or compromised. These failures often stem from vulnerabilities or malicious alterations in third-party code, build tools, or other dependencies on which the software relies.
Cryptographic failures
This is a broad topic that can lead to sensitive data exposure or system compromise. We want to make sure we are always protecting data and storing it securely.
Injection
An injection vulnerability occurs when an application passes untrusted user input to an interpreter, causing the interpreter to execute that input as commands.
Insecure design
Insecure design refers to missing or ineffective security controls and is distinct from insecure implementation, as design flaws and implementation defects have different causes, occur at different stages, and require different fixes.
Authentication failures
Are you who you say you are? We must always confirm a user's identity through sound authentication and session management.
Software and data integrity failures
Let’s not rely on plugins, libraries, or modules from untrusted sources! This includes repositories and content delivery networks (CDNs).
Logging and alerting failures
How are we supposed to detect a breach when we have no logs? Logging and monitoring are crucial for our applications.
Mishandling of exceptional conditions
Mishandling exceptional conditions occurs when software fails to properly prevent, detect, or handle unusual or unexpected situations. This can result in crashes, unpredictable behavior, or security vulnerabilities.