OWASP Top 10 (2021)
This is the 2021 OWASP Top 10 Learning Path.
Broken access control
Access control ensures users operate only within their authorized permissions. When it fails, it can allow unauthorized data access, modification, destruction, or execution of actions beyond a user’s intended privileges.
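As an added example (not code from the OWASP page or the learning path), the following shows the most common broken access control pattern, an insecure direct object reference, next to a deny-by-default fix. The invoices, users and roles are constructed sample data.

```python
# Added example, not from the OWASP page: an insecure direct object reference
# (IDOR) next to its fix. Users, roles and invoices are constructed data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data.
INVOICES = {
    1001: Invoice(invoice_id=1001, owner_id=1, amount=120.00),
    1002: Invoice(invoice_id=1002, owner_id=2, amount=980.50),
}
ROLES = {1: "user", 2: "user", 3: "admin"}


class AccessDenied(Exception):
    """Raised when the caller is not authorised for the requested object."""


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    """Looks the invoice up by the id the client sent and never checks who
    owns it, so any authenticated user can read any invoice by changing the
    id in the request."""
    return INVOICES[invoice_id]


def get_invoice_secure(current_user_id: int, invoice_id: int) -> Invoice:
    """Deny by default: the record must belong to the authenticated user, or
    the user must hold the admin role. The user id comes from the server-side
    session, never from a client-controlled field."""
    invoice = INVOICES.get(invoice_id)
    is_owner = invoice is not None and invoice.owner_id == current_user_id
    is_admin = ROLES.get(current_user_id) == "admin"
    # Same error for "no such invoice" and "not yours": the response must not
    # reveal which ids exist.
    if invoice is None or not (is_owner or is_admin):
        raise AccessDenied(f"user {current_user_id} may not read invoice {invoice_id}")
    return invoice


def demo() -> dict:
    """User 1 requests user 2's invoice through both versions."""
    leaked_amount = get_invoice_vulnerable(1, 1002).amount
    try:
        get_invoice_secure(1, 1002)
        blocked = False
    except AccessDenied:
        blocked = True
    return {"leaked_amount": leaked_amount, "blocked_by_fix": blocked}


if __name__ == "__main__":
    print(demo())
```

The check lives on the server and is keyed on the session's user id; a client-supplied "role" or "owner" field would only move the flaw, not fix it.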
Cryptographic failures
Cryptographic failures cover weak, outdated, or misused cryptography and the sensitive data exposure that follows: data sent in clear text, deprecated algorithms and protocols, hard-coded or poorly managed keys, and passwords stored with fast, unsalted hashes. Data must be protected in transit and at rest with current, correctly configured cryptography.
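The following added example (not from the OWASP page) shows one of the most frequent cryptographic failures, password storage, with an unsalted fast hash next to a salted, slow key derivation using only the Python standard library. The iteration count is an assumption to be tuned per deployment.

```python
# Added example, not from the OWASP page: password storage with an unsalted
# fast hash next to a salted, slow key-derivation function. Uses only the
# standard library; the iteration count is an assumption to tune per deployment.
import hashlib
import hmac
import os
from typing import Optional

# Work factor. OWASP's Password Storage Cheat Sheet lists 600,000 iterations
# for PBKDF2-HMAC-SHA256 at the time of writing; raise it as hardware improves.
ITERATIONS = 600_000


def hash_password_weak(password: str) -> str:
    """Unsalted MD5. Fast to brute-force, and identical passwords hash to the
    same value, so one cracked hash reveals every user with that password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored in a
    self-describing string so the parameters can be upgraded later."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recomputes the hash with the stored salt and iteration count and
    compares in constant time to avoid a timing side channel."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def demo() -> dict:
    """Two users who chose the same password."""
    weak_a, weak_b = hash_password_weak("hunter2"), hash_password_weak("hunter2")
    strong_a, strong_b = hash_password("hunter2"), hash_password("hunter2")
    return {
        "weak_hashes_identical": weak_a == weak_b,
        "salted_hashes_identical": strong_a == strong_b,
        "verify_correct": verify_password("hunter2", strong_a),
        "verify_wrong": verify_password("hunter3", strong_a),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the algorithm name and iteration count alongside the hash lets you re-hash users onto stronger parameters at their next successful login instead of forcing a password reset.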
Injection
An injection vulnerability occurs when an application passes untrusted input (from users or from other systems) to an interpreter without validation or proper escaping, causing the interpreter to treat that input as commands. SQL, NoSQL, OS command, LDAP, and expression-language injection are common forms.
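As an added example (not code from the OWASP page), here is a SQL injection against a login check built by string formatting, next to the parameterized version. The database is an in-memory SQLite table with constructed rows; passwords are stored in clear text only to keep the injection point visible, which is itself a cryptographic failure.

```python
# Added example, not from the OWASP page: a login check built by string
# formatting next to the parameterised version. The database is an in-memory
# SQLite table with constructed rows; clear-text passwords are used only to
# keep the injection point visible.
import sqlite3


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Concatenates user input into the SQL text. SQLite cannot tell where the
    data ends and the command begins, so a quote in the input changes the
    query's logic."""
    query = (
        f"SELECT COUNT(*) FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_secure(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterised query: the SQL text is fixed and the values travel as
    bound parameters, so they are only ever treated as data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic payload: closes the string, adds an always-true clause and comments
# out the password check with SQL's "--" line comment.
PAYLOAD_USER = "nobody' OR '1'='1' -- "
PAYLOAD_PASS = "anything"


def demo() -> dict:
    conn = build_db()
    return {
        "vulnerable_bypassed": login_vulnerable(conn, PAYLOAD_USER, PAYLOAD_PASS),
        "secure_bypassed": login_secure(conn, PAYLOAD_USER, PAYLOAD_PASS),
        "secure_valid_login": login_secure(conn, "alice", "correct-horse"),
    }


if __name__ == "__main__":
    print(demo())
```

The same rule applies to every interpreter: keep the command fixed and pass data through the interface the interpreter provides for data (bound parameters, argument vectors, escaped LDAP filters), rather than escaping by hand.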
Insecure design
Insecure design refers to missing or ineffective security controls and is distinct from insecure implementation, as design flaws and implementation defects have different causes, occur at different stages, and require different fixes.
Security misconfiguration
Security misconfiguration occurs when a system, application, or cloud service is set up insecurely: default accounts and passwords left in place, unnecessary features or ports enabled, verbose error messages that leak internals, or missing hardening and security headers.
Vulnerable and outdated components
New vulnerabilities in third-party components are disclosed constantly. Keep an inventory of every dependency, client-side and server-side, track its version, and patch or replace components with known vulnerabilities promptly.
Identification and authentication failures
Are you who you say you are? An application must verify the user's identity, authenticate correctly (resisting credential stuffing, brute force, and weak or default passwords), and manage sessions securely.
Software and data integrity failures
Software and data integrity failures arise when code and infrastructure do not protect against integrity violations: plugins, libraries, or modules pulled from untrusted repositories or content delivery networks (CDNs), unsigned or unverified auto-updates, insecure CI/CD pipelines, and insecure deserialization of untrusted data.
Security logging and monitoring failures
A breach cannot be detected without logs. Logging and monitoring are crucial: log authentication events and access-control failures with enough context (timestamp, source, user, outcome) to detect and investigate an attack, and alert on suspicious patterns in near real time.
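As an added example (not from the OWASP page), the following detection runs over constructed application log lines and alerts when one source IP produces a burst of failed logins; the log format and thresholds are assumptions.

```python
# Added example, not from the OWASP page: a sliding-window brute-force
# detector over constructed authentication log lines. The log format and the
# threshold/window are assumptions, not a standard.
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import List, Tuple

# Constructed sample log lines (not real data). One attacker IP tries five
# different accounts in eight seconds; a second IP has one ordinary failure.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z login_failed user=alice ip=203.0.113.7
2024-03-01T10:00:03Z login_failed user=bob ip=203.0.113.7
2024-03-01T10:00:05Z login_failed user=carol ip=203.0.113.7
2024-03-01T10:00:06Z login_ok user=dave ip=198.51.100.2
2024-03-01T10:00:08Z login_failed user=dave ip=203.0.113.7
2024-03-01T10:00:09Z login_failed user=erin ip=203.0.113.7
2024-03-01T10:05:00Z login_failed user=alice ip=198.51.100.2
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<event>\w+) user=(?P<user>\S+) ip=(?P<ip>\S+)$")


def detect_bruteforce(
    log_text: str, threshold: int = 5, window_seconds: int = 60
) -> List[Tuple[str, str, int]]:
    """Per source IP, keep the timestamps of failures inside the last
    `window_seconds`. When `threshold` failures fall in the window, emit
    (ip, timestamp, distinct users targeted) and reset that IP's window so
    one burst produces one alert."""
    windows = defaultdict(deque)
    users_seen = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["event"] != "login_failed":
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ip = m["ip"]
        queue = windows[ip]
        queue.append(ts)
        users_seen[ip].add(m["user"])
        # Drop failures that have aged out of the window.
        while queue and (ts - queue[0]).total_seconds() > window_seconds:
            queue.popleft()
        if len(queue) >= threshold:
            alerts.append((ip, m["ts"], len(users_seen[ip])))
            queue.clear()
    return alerts


if __name__ == "__main__":
    for ip, when, users in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT {when}: {ip} failed login {users} distinct users")
```

A high count of distinct usernames from one IP (the third field) distinguishes password spraying from a single user mistyping a password; the detector only works because the log records user, source, outcome, and time on every authentication event.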
Server-side request forgery
SSRF flaws occur when an application fetches a remote resource from a URL supplied by the user without validating it. An attacker can make the server send crafted requests to unexpected destinations, including internal services behind the firewall and cloud metadata endpoints. Validating the URL string alone is not enough: the resolved address, any redirects, and the network egress path must all be controlled.
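As an added example (not code from the OWASP page), the following validates a user-supplied URL before the server fetches it. The hostname allowlist and the DNS table are constructed so the example runs offline; a real deployment would resolve with socket.getaddrinfo and apply the same checks to every returned address.

```python
# Added example, not from the OWASP page: validating a user-supplied URL
# before the server fetches it. The hostname allowlist and the DNS table are
# constructed so the example runs offline; a real deployment would resolve
# with socket.getaddrinfo and apply the same checks to every address.
import ipaddress
from typing import Callable, List, Tuple
from urllib.parse import urlsplit

# Assumed allowlist of hosts this feature is permitted to fetch from.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def fake_resolver(host: str) -> List[str]:
    """Constructed DNS answers. cdn.example.com deliberately points at an
    internal address, as a hijacked or misconfigured record would."""
    table = {
        "images.example.com": ["93.184.216.34"],
        "cdn.example.com": ["10.0.0.5"],
    }
    return table.get(host, [])


def validate_fetch_url(
    url: str, resolver: Callable[[str], List[str]] = fake_resolver
) -> Tuple[bool, str]:
    """Returns (allowed, reason). Each rejection closes a concrete SSRF vector."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"            # file://, gopher://, ...
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL"            # http://trusted@evil/
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        ipaddress.ip_address(host)
        return False, "literal IP address"            # 169.254.169.254, [::1]
    except ValueError:
        pass
    if host.lower() not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    addresses = resolver(host)
    if not addresses:
        return False, "host does not resolve"
    for addr in addresses:
        # Private, loopback, link-local and reserved ranges are all non-global.
        if not ipaddress.ip_address(addr).is_global:
            return False, f"resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in (
        "https://images.example.com/logo.png",
        "http://169.254.169.254/latest/meta-data/",
        "https://cdn.example.com/lib.js",
        "https://images.example.com@evil.example.net/",
    ):
        print(candidate, validate_fetch_url(candidate))
```

Even with these checks, connect to the address you validated (otherwise a DNS record that changes between check and use, known as DNS rebinding, defeats the check), disable automatic redirects in the HTTP client, and enforce egress filtering at the network layer so the application host cannot reach internal ranges at all.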