OWASP top 10
What is the OWASP top 10?
OWASP stands for Open Web Application Security Project. This non-profit foundation works to improve software security. They have published a top 10 list that acts as an awareness document for developers. It represents a broad consensus about the most critical security risks.
Our goal at Snyk Learn is to educate developers and one way we do that is by covering the OWASP top 10 list. By completing the modules below, you will have taken steps toward creating more secure applications and having a better understanding of security risks!
Broken Access Control
Broken Access Control had more occurrences in applications than any other category. We want to ensure users are acting within their intended purposes.
This is a broad topic that can lead to sensitive data exposure or system compromise. We want to make sure we are always protecting data and storing it securely.
Insecure design represents different weaknesses, expressed as “missing or ineffective.
As software becomes more configurable, there is more that needs to be done to ensure it is configured properly and securely.
Vulnerable and Outdated Components
By the time you finish reading this, a new vulnerability has been found! We need to make sure we are keeping up-to-date with our components.
Identification and Authentication Failures
Are you who you say you are? We always need to confirm the user’s identity and handle authentication and session management correctly.
Software and Data Integrity Failures
Let’s not rely on plugins, libraries, or modules from untrusted sources! This includes repositories and content delivery networks (CDNs).
Security Logging and Monitoring Failures
How are we supposed to detect a breach when we have no logs? Logging and monitoring are crucial for our applications.