OWASP Top 10
OWASP Top 10: Broken Access Control, Injections, Crypto Failures — the most critical web vulnerabilities.
OWASP Top 10 Web Vulnerabilities
| # | Vulnerability | Quick Fix |
|---|---|---|
| A01 | Broken Access Control | Enforce server-side auth on every endpoint |
| A02 | Cryptographic Failures | TLS 1.3, AES-256, bcrypt for passwords |
| A03 | Injection (SQL, XSS, LDAP) | Parameterised queries, input validation |
| A04 | Insecure Design | Threat model, secure design patterns |
| A05 | Security Misconfiguration | Harden configs, disable debug, auto-scan |
| A06 | Vulnerable Components | SCA scanning, update dependencies |
| A07 | Auth and Session Failures | MFA, secure session management, strong passwords |
| A08 | Integrity Failures | Verify software signatures, secure CI/CD |
| A09 | Logging Failures | Log all auth events, alert on anomalies |
| A10 | SSRF | Validate URLs, block internal IP ranges |
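The "Quick Fix" for A03 is parameterised queries plus input validation. The following is an added example, not code from the page or from OWASP, showing why: the same lookup written with string formatting and with a bound parameter, run against a constructed in-memory SQLite table (sample names only). Everything here uses the Python standard library `sqlite3` module; the table schema and the `validate_user_id` helper are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample database: three users, no real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.com"),
            (2, "bob", "bob@example.com"),
            (3, "carol", "carol@example.com"),
        ],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn, user_id):
    """Deliberately vulnerable: the untrusted value becomes part of the SQL text,
    so a quoted value that closes the string literal can change the query's logic."""
    sql = f"SELECT name FROM users WHERE id = '{user_id}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, user_id):
    """Hardened: the value is bound as a parameter. The database driver sends it
    as data, never as SQL syntax, so quotes inside it cannot alter the statement."""
    rows = conn.execute("SELECT name FROM users WHERE id = ? ORDER BY id", (user_id,))
    return [row[0] for row in rows]


def validate_user_id(raw):
    """Defence in depth (the 'input validation' half of the quick fix): accept only
    a positive decimal integer and reject anything else before it reaches the DB.
    Hypothetical helper for this example."""
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("user id must be a positive integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    # Benign input behaves the same in both versions.
    print("vulnerable, id=1 :", lookup_user_vulnerable(db, "1"))
    print("safe,       id=1 :", lookup_user_safe(db, "1"))
    # A classic tautology payload: the vulnerable query returns every row,
    # the parameterised query treats the whole string as one (non-matching) id.
    payload = "1' OR '1'='1"
    print("vulnerable, payload:", lookup_user_vulnerable(db, payload))
    print("safe,       payload:", lookup_user_safe(db, payload))
    try:
        validate_user_id(payload)
    except ValueError as exc:
        print("validation rejected payload:", exc)
```

Run it directly to see the two outputs side by side; the parameterised version is the one to ship, and the allow-list check in front of it catches bad input before a database round trip is spent on it.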
```bash
# OWASP ZAP automated scan
# The bind mount makes the container's working directory the host's current
# directory, so the HTML report lands on the host instead of inside the container.
docker run -t -v "$(pwd):/zap/wrk/:rw" owasp/zap2docker-stable zap-baseline.py \
  -t https://myapp.com -r zap_report.html

# SQLMap injection test (authorised testing only)
sqlmap -u 'https://myapp.com/user?id=1' --dbs
```
Topic Quiz · 1 question
Test your understanding before moving on
1. What is the #1 vulnerability in OWASP Top 10 2021?
💡 Broken Access Control (A01) replaced Injection as the top vulnerability in the 2021 OWASP Top 10.