OWASP Top 10 Flashcards

1
Q

This occurs when restrictions on what authenticated users can do aren’t properly enforced. Attackers can exploit these weaknesses to access unauthorized functionality or data.

A

Broken Access Control

2
Q

This category focuses on failures related to protecting data in transit and at rest. It includes issues like weak encryption, misconfigured cryptographic modules, or not encrypting sensitive data.

A

Cryptographic Failures

3
Q

These flaws, such as SQL, NoSQL, command, or LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. This can allow attackers to execute unintended commands or access data.

A

Injection

4
Q

This category emphasizes the need for secure design patterns and threat modeling in the development process. It covers architectural weaknesses that cannot be fixed by simply adding security controls later.

A

Insecure Design

5
Q

This vulnerability arises from insecure default configurations, incomplete configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages that provide sensitive information to attackers.

A

Security Misconfiguration

6
Q

Often referred to as “Using Components with Known Vulnerabilities,” this risk is about using libraries, frameworks, and other software modules that have known security issues, which attackers can exploit if not properly updated or patched.

A

Vulnerable and Outdated Components

7
Q

This category involves issues with managing user identities and sessions. Weak password policies, insecure session management, and improper implementation of multi-factor authentication fall under this category.

A

Identification and Authentication Failures

8
Q

This category deals with failures related to code and data integrity. It includes issues where software updates, critical data, or even CI/CD pipelines are not properly protected, allowing unauthorized modifications.

A

Software and Data Integrity Failures

9
Q

This category emphasizes the importance of comprehensive logging, alerting, and monitoring systems to identify suspicious activities early.

A

Security Logging and Monitoring Failures

10
Q

These vulnerabilities occur when a server fetches a remote resource without validating the user-supplied URL. This can allow attackers to trick the server into making requests to unintended locations, potentially exposing internal systems.

A

Server-Side Request Forgery (SSRF)
