Key Web Application Risks: OWASP Security Flashcards

1. OWASP Security Flashcards

1.1. What does OWASP stand for?   drill owasp_security

1.1.1. Front

What does OWASP stand for?

1.1.2. Back

Open Web Application Security Project

1.2. What is the OWASP Top 10?   drill owasp_security

1.2.1. Front

What is the OWASP Top 10?

1.2.2. Back

A regularly updated report outlining the most critical web application security risks

1.3. Injection   drill owasp_security

1.3.1. Front

Describe the OWASP category: Injection

1.3.2. Back

Untrusted data is sent to an interpreter as part of a command or query, tricking it into executing unintended commands or accessing unauthorized data

1.4. Broken Authentication   drill owasp_security

1.4.1. Front

What is Broken Authentication in the context of OWASP?

1.4.2. Back

Weaknesses in authentication and session management that allow attackers to compromise passwords, keys, or session tokens

1.5. Sensitive Data Exposure   drill owasp_security

1.5.1. Front

Explain Sensitive Data Exposure as defined by OWASP

1.5.2. Back

Failure to properly protect sensitive information such as financial data, healthcare information, or personally identifiable information (PII)

1.6. XML External Entities (XXE)   drill owasp_security

1.6.1. Front

What is the XML External Entities (XXE) vulnerability?

1.6.2. Back

An attack against an application that parses XML input, where external entities can be used to disclose internal files or perform server-side request forgery

1.7. Broken Access Control   drill owasp_security

1.7.1. Front

Define Broken Access Control in OWASP terms

1.7.2. Back

Restrictions on what authenticated users are allowed to do are not properly enforced, leading to unauthorized information disclosure, modification, or destruction

1.8. Security Misconfiguration   drill owasp_security

1.8.1. Front

What does Security Misconfiguration refer to in OWASP?

1.8.2. Back

Insecure default configurations, incomplete or ad-hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information

1.9. Cross-Site Scripting (XSS)   drill owasp_security

1.9.1. Front

Explain Cross-Site Scripting (XSS)

1.9.2. Back

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, potentially stealing session cookies or redirecting users to malicious sites

1.10. Insecure Deserialization   drill owasp_security

1.10.1. Front

What is Insecure Deserialization?

1.10.2. Back

A vulnerability where untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS), or execute arbitrary code when deserialized

1.11. Using Components with Known Vulnerabilities   drill owasp_security

1.11.1. Front

Explain the OWASP category: Using Components with Known Vulnerabilities

1.11.2. Back

The use of components (libraries, frameworks, software modules) with known vulnerabilities, potentially undermining application defenses and enabling various attacks

1.12. Insufficient Logging & Monitoring   drill owasp_security

1.12.1. Front

What does Insufficient Logging & Monitoring refer to in OWASP?

1.12.2. Back

Lack of adequate logging, monitoring, and incident response, allowing attackers to further attack systems, maintain persistence, and tamper with or extract data without being detected