OWASP Top 10 Security Vulnerabilities

Question 1

How do you mitigate against Broken Access Control?

Answer 1

Limit visitor access to only authorised pages or sections.

Principle of least privilege.

Question 2

How do you mitigate against Cryptographic Failures?

Answer 2

Use secure cryptographic practices to protect data in transit and at rest.

Strong hash algorithms and neverwriteown encyption

Question 3

How do you mitigate against Injection Attacks?

Answer 3

Parameterised SQL commands for all data coming from user.

Enums, TryParse, lookup values

Question 4

How do you mitigate against Insecure Design?

Answer 4

Threat modelling, secure design patterns and reference architectures.

Question 5

How do you mitigate against Security Misconfiguration?

Answer 5

Proper security hardening and config of components. Review and update properly.

Question 6

How do you mitigate against Vulnerable and Outdated Components?

Answer 6

Keep frameworks up-to-date with Nuget and avoid those with security issues.

Question 7

How do you mitigate against Identification and Authentication Failures?

Answer 7

Ensure proper identification and authentication measures.

Question 8

How do you mitigate against Software and Data Integrity Failures?

Answer 8

Ensure integrity of software and data.

Question 9

How do you mitigate against Security Logging and Monitoring Failures?

Answer 9

Ensure proper logging and monitoring of security events.

Question 10

How do you mitigate against Server-side Request Forgery (SSRF)?

Answer 10

Prevent unauthorised server-side requests by IP or application whitelisting