owasp-top-10

nickcrew/claude-ctx-plugin

Expert guidance for identifying, preventing, and remediating the most critical web application security risks based on OWASP Top 10 2021.

Installs: 254
Install command
npx skills add https://github.com/nickcrew/claude-ctx-plugin --skill owasp-top-10
Security audits
Gen Agent Trust Hub: PASS
Socket: PASS
Snyk: PASS
About this skill
Expert guidance for identifying, preventing, and remediating the most critical web application security risks based on OWASP Top 10 2021.

Ranked by Risk Severity:

Load detailed guidance for each vulnerability:

- SAST (Static): SonarQube, Semgrep, ESLint security plugins
- DAST (Dynamic): OWASP ZAP, Burp Suite
- SCA (Dependencies): npm audit, Snyk, Dependabot
- Secrets Scanning: GitGuardian, TruffleHog
- Penetration Testing: Metasploit, Kali Linux tools

- Conducting security audits and code reviews
- Implementing secure coding practices in new features
- Reviewing authentication and authorization systems
- Assessing input validation and sanitization
- Evaluating third-party dependencies for vulnerabilities
- Designing security controls and defense-in-depth strategies
- Preparing for security certifications or compliance audits
- Investigating security incidents or suspicious behavior

- A01 - Broken Access Control (↑ from #5)
- A02 - Cryptographic Failures (formerly Sensitive Data Exposure)
- A03 - Injection (↓ from #1)
- A04 - Insecure Design (NEW)
- A05 - Security Misconfiguration
- A06 - Vulnerable and Outdated Components
- A07 - Identification and Authentication Failures
- A08 - Software and Data Integrity Failures (NEW)
- A09 - Security Logging and Monitoring Failures
- A10 - Server-Side Request Forgery (SSRF) (NEW)

- Identify Scope: Determine application components and attack...

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

Latest reviews

No community reviews yet. Be the first to review.

FAQ
What does owasp-top-10 do?

Expert guidance for identifying, preventing, and remediating the most critical web application security risks based on OWASP Top 10 2021.

Is owasp-top-10 good?

owasp-top-10 does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does owasp-top-10 work with?

owasp-top-10 currently lists compatibility with codex, gemini-cli, opencode, cursor, github-copilot, claude-code.

What are alternatives to owasp-top-10?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install owasp-top-10?

npx skills add https://github.com/nickcrew/claude-ctx-plugin --skill owasp-top-10
