Insecure design

At first glance, this OWASP category may seem excessively broad: it covers risks that affect every kind of application and API. Its intention, however, is to show how many security problems originate early, and why they need to be considered during the initial planning phase rather than after the code exists.

Insecure design does not refer to a specific mistake but to an overarching way of thinking that needs to be addressed. According to OWASP, this category calls for a security-first mindset, complete with "more threat modeling, secure design patterns and principles, and reference architectures."

Where possible, weaknesses should be found well before implementation. Some threats can be identified before any code is written, and these same issues become harder to detect once they are buried in a working system. A further benefit is efficiency: catching a design flaw early removes the need to retrofit security fixes later.


https://www.sitelock.com/blog/top-10-owasp-vulnerabilities/
