OWASP 2021 Archives - Prepaid Academy: Prepaid Program Management LLC

Server-Side Request Forgery (SSRF) – #10 OWASP Top 10 2021

Overview SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a …

[Continue Reading...]

Security Logging and Monitoring Failures – #9 OWASP Top 10 2021

Overview Returning to the OWASP Top 10 2021, this category is to help detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected. Insufficient …

[Continue Reading...]

Software and Data Integrity Failures- #8 OWASP Top 10 2021

Overview Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example of this is where an application relies upon plugins, …

[Continue Reading...]

Identification and Authentication Failures – #7 OWASP Top 10 2021

Overview Confirmation of the user’s identity, authentication, and session management is critical to protect against authentication-related attacks. There may be authentication weaknesses if the application: Permits automated attacks such …

[Continue Reading...]

Vulnerable and Outdated Components – #6 OWASP Top 10 2021

Overview You are likely vulnerable: If you do not know the versions of all components you use (both client-side and server-side). This includes components you directly use as well …

[Continue Reading...]

Security Misconfiguration – – #5 OWASP Top 10 2021

Overview The application might be vulnerable if the application is: Missing appropriate security hardening across any part of the application stack or improperly configured permissions on cloud services. Unnecessary …

[Continue Reading...]

Insecure Design – #4 OWASP Top 10 2021

Overview Insecure design is a broad category representing different weaknesses, expressed as “missing or ineffective control design.” Insecure design is not the source for all other Top 10 risk …

[Continue Reading...]

Injection – #3 OWASP Top 10 2021

Overview An application is vulnerable to attack when: User-supplied data is not validated, filtered, or sanitized by the application. Dynamic queries or non-parameterized calls without context-aware escaping are used …

[Continue Reading...]

Cryptographic Failures – #2 OWASP Top 10 2021

Overview The first thing is to determine the protection needs of data in transit and at rest. For example, passwords, credit card numbers, health records, personal information, and business …

[Continue Reading...]

Broken Access Control – #1 OWASP Top 10 2021

Overview Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or …

[Continue Reading...]

Lesson Category: OWASP 2021