OWASP

OWASP Top Ten

Issues

  1. Broken access control
  2. Cryptographic failures
  3. Injection
  4. Insecure design
  5. Security misconfiguration
  6. Vulnerable and outdated components
  7. Identification and authentication failures
  8. Software and data integrity failures
  9. Security logging and monitoring failures*
  10. Server-side request forgery (SSRF)*

Dev Changes:

  1. Implement access control
  2. Use cryptography the proper way
  3. Validate all input & handle exceptions
  4. Address security from the start
  5. Secure by default configurations
  6. Keep your components secure
  7. Implement digital identity
  8. Use browser security features
  9. Implement security logging and monitoring
  10. Stop server-side request forgery