What does OWASP stand for?

Open Web Application Security Project

What is the OWASP Top 10?

A regularly updated report outlining the most critical web application security risks

Describe the OWASP category: Injection

Untrusted data is sent to an interpreter as part of a command or query, tricking it into executing unintended commands or accessing unauthorized data

What is Broken Authentication in the context of OWASP?

Weaknesses in authentication and session management that allow attackers to compromise passwords, keys, or session tokens

Explain Sensitive Data Exposure as defined by OWASP

Failure to properly protect sensitive information such as financial data, healthcare information, or personally identifiable information (PII)

What is the XML External Entities (XXE) vulnerability?

An attack against an application that parses XML input, where external entities can be used to disclose internal files or perform server-side request forgery

Define Broken Access Control in OWASP terms

Restrictions on what authenticated users are allowed to do are not properly enforced, leading to unauthorized information disclosure, modification, or destruction

What does Security Misconfiguration refer to in OWASP?

Insecure default configurations, incomplete or ad-hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information

Explain Cross-Site Scripting (XSS)

A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users, potentially stealing session cookies or redirecting users to malicious sites

What is Insecure Deserialization?

A vulnerability where untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS), or execute arbitrary code when deserialized

Explain the OWASP category: Using Components with Known Vulnerabilities

The use of components (libraries, frameworks, software modules) with known vulnerabilities, potentially undermining application defenses and enabling various attacks

What does Insufficient Logging & Monitoring refer to in OWASP?

Lack of adequate logging, monitoring, and incident response, allowing attackers to further attack systems, maintain persistence, and tamper with or extract data without being detected