Intermediate Security

OWASP Top 10

Critical security risks: XSS, injection, CSRF, and more.

Top 10 Web Vulnerabilities

The OWASP Top 10 is the industry-standard list of the most critical web application security risks.

2021 Top 10

  1. Broken Access Control: Users accessing unauthorized resources
  2. Cryptographic Failures: Weak encryption, exposed secrets
  3. Injection: SQL, NoSQL, OS command injection
  4. Insecure Design: Missing security in architecture
  5. Security Misconfiguration: Default configs, verbose errors
  6. Vulnerable Components: Outdated dependencies
  7. Auth Failures: Broken session management
  8. Data Integrity: Insecure deserialization, unverified CI/CD pipelines
  9. Logging Failures: Missing audit trails
  10. SSRF: Server-side request forgery

XSS Prevention

// Bad - vulnerable: the string is parsed as HTML, so any markup in userInput is rendered and scripts in it run
element.innerHTML = userInput;

// Good - userInput is inserted as literal text and is never parsed as markup
element.textContent = userInput;

SQL Injection Prevention

// Bad - vulnerable: userId is spliced into the SQL text, so it can change the statement
query = "SELECT * FROM users WHERE id = " + userId;

// Good - parameterized: the statement is fixed and the value is sent separately as a bound parameter
query = "SELECT * FROM users WHERE id = $1";
result = await db.query(query, [userId]);
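The lookup above, carried a step further as an added example (not code from the original page): the statement text is a constant, the id is validated before it reaches the database, and a constructed in-memory stand-in for a node-postgres-style client records exactly what it was handed. The names findUserById, parseUserId and makeFakeDb are this example's own.

```javascript
// Statement text never changes, whatever the caller supplies.
const FIND_USER_SQL = 'SELECT * FROM users WHERE id = $1';

// Defense in depth: accept only a positive integer id (as a number or a
// digit string) before the value is bound. Anything else is rejected outright.
function parseUserId(raw) {
  const id = typeof raw === 'string' && /^\d{1,15}$/.test(raw) ? Number(raw) : raw;
  if (!Number.isSafeInteger(id) || id <= 0) {
    throw new TypeError('invalid user id');
  }
  return id;
}

// db is assumed to expose query(text, values) returning a Promise of { rows },
// as the node-postgres client does.
async function findUserById(db, rawId) {
  const id = parseUserId(rawId);
  const result = await db.query(FIND_USER_SQL, [id]);
  return result.rows[0] || null;
}

// For contrast only: with concatenation the input becomes part of the SQL,
// so the statement the server parses depends on what the caller sent.
function unsafeQueryText(rawId) {
  return 'SELECT * FROM users WHERE id = ' + rawId;
}

// Constructed stand-in for the real client so the example runs offline.
// It serves a fixed table and logs every (text, values) pair it receives.
function makeFakeDb(users) {
  const calls = [];
  return {
    calls,
    async query(text, values) {
      calls.push({ text, values });
      if (text !== FIND_USER_SQL) throw new Error('unexpected statement');
      return { rows: users.filter((u) => u.id === values[0]) };
    },
  };
}
```

With the parameterized path, db.calls[0].text is always FIND_USER_SQL and the id appears only in db.calls[0].values, which is the property that makes the query safe; the unsafe helper shows the text itself varying with the input.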