Reverse OWASP TOP 10 Flashcards

1
Q

Broken Access Control

A

This occurs when restrictions on what authenticated users can do aren’t properly enforced. Attackers can exploit these weaknesses to access unauthorized functionality or data.

2
Q

Cryptographic Failures

A

This category focuses on failures related to protecting data in transit and at rest. It includes issues like weak encryption, misconfigured cryptographic modules, or not encrypting sensitive data.

3
Q

Injection

A

Injection flaws, such as SQL, NoSQL, command, or LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. This can allow attackers to execute unintended commands or access data.

4
Q

Insecure Design

A

A newer category in the OWASP Top 10, Insecure Design emphasizes the need for secure design patterns and threat modeling in the development process. It covers architectural weaknesses that cannot be fixed by simply adding security controls later.

5
Q

Security Misconfiguration

A

This vulnerability arises from insecure default configurations, incomplete configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages that provide sensitive information to attackers.

6
Q

Vulnerable and Outdated Components

A

Often referred to as “Using Components with Known Vulnerabilities,” this risk is about using libraries, frameworks, and other software modules that have known security issues, which attackers can exploit if not properly updated or patched.

7
Q

Identification and Authentication Failures

A

This category involves issues with managing user identities and sessions. Weak password policies, insecure session management, and improper implementation of multi-factor authentication fall under this category.

8
Q

Software and Data Integrity Failures

A

This category deals with failures related to code and data integrity. It includes issues where software updates, critical data, or even CI/CD pipelines are not properly protected, allowing unauthorized modifications.

9
Q

Security Logging and Monitoring Failures

A

Without proper logging and monitoring, it’s challenging to detect and respond to breaches or attacks. This category emphasizes the importance of comprehensive logging, alerting, and monitoring systems to identify suspicious activities early.

10
Q

Server-Side Request Forgery (SSRF)

A

SSRF vulnerabilities occur when a server fetches a remote resource without validating the user-supplied URL.
