OWASP
OWASP Top Ten
Issues
- Broken access control
- Cryptographic failures
- Injection
- Insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and data integrity failures
- Security logging and monitoring failures*
- Server-side request forgery (SSRF)*
Dev Changes:
- Implement access control
- Use cryptography the proper way
- Validate all input & handle exceptions
- Address security from the start
- Secure by default configurations
- Keep your components secure
- Implement digital identity
- Use browser security features
- Implement security logging and monitoring
- Stop server-side request forgery
