A good place to launch, or brush up on, cybersecurity learning is OWASP, the Open Worldwide Application Security Project, an organization working to improve software security. Its Top Ten details the leading web application security risks for the year. And this year's winners are...
Broken Access Control
Cryptographic Failures
Injection
Insecure Design
Security Misconfiguration
Vulnerable and Outdated Components
Identification and Authentication Failures
Software and Data Integrity Failures
Security Logging and Monitoring Failures
Server-Side Request Forgery
I'll dive into each vulnerability in a series of posts defining the risk, well-known incidents and defensive practices. I'll start with Broken Access Control: users are given, or gain, access to information or privileges within an application outside the role of their account. Take Alice as an example. She works for a bank. She's never told anyone, but she uses an application that seems to grant her more privilege than she thinks she should have. If Alice isn't a model employee, she may be able to access information or take actions within the application that could cause customer-relations or business harm.
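To make Alice's situation concrete, here is an added example (not code from the original post or from OWASP) of an object-level access check in a small bank-style application. The users, roles, accounts and the read policy are constructed for the example. The first lookup trusts whatever account id the caller supplies, which is the broken pattern; the second decides from the server-side user record, denying by default.

```python
"""Added example: object-level access control, vulnerable and hardened.

Everything here is constructed sample data; it is not the original post's
code or any real bank's policy.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str                       # "customer", "teller" or "auditor"
    owned_accounts: frozenset = frozenset()


# Constructed sample accounts keyed by account id.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 250.00},
    1002: {"owner": "bob", "balance": 9800.00},
}

# Assumed policy: these roles may read accounts they do not own.
READ_ANY_ROLES = frozenset({"teller", "auditor"})


class AccessDenied(Exception):
    """Raised when the caller may not see the requested account."""


def get_account_vulnerable(user, account_id):
    """Broken access control: the lookup keys only on the id the caller
    supplied, so any logged-in user can read any account by changing the id.
    `user` is accepted but never consulted."""
    return ACCOUNTS[account_id]


def can_read(user, account_id):
    """Authorization decision made from server-side data, never from input."""
    return account_id in user.owned_accounts or user.role in READ_ANY_ROLES


def get_account_hardened(user, account_id):
    """Deny by default. A missing account and a forbidden account raise the
    same error so a caller cannot tell valid ids from invalid ones."""
    account = ACCOUNTS.get(account_id)
    if account is None or not can_read(user, account_id):
        raise AccessDenied(f"{user.name} may not read account {account_id}")
    return account


if __name__ == "__main__":
    alice = User("alice", "customer", frozenset({1001}))
    print(get_account_vulnerable(alice, 1002))   # Alice reads Bob's account
    try:
        get_account_hardened(alice, 1002)
    except AccessDenied as err:
        print("denied:", err)
```

The point to notice is that the hardened version never lets the requested id alone decide the outcome; the user's ownership and role, held on the server, do. Logging each `AccessDenied` is also the hook for the monitoring that a later post in this series will cover.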
I'll begin a deeper dive tomorrow regarding Broken Access Control.
Open Worldwide Application Security Project (2025, September 15) Top 10 Web Application Security Risks. https://owasp.org/www-project-top-ten/
Broken Access Control
BAC Lexicon:
-CORS (Cross-Origin Resource Sharing)
Lets a client web application loaded in one domain interact with resources in other, outside domains.
-Metadata
Data that describes other data.
-API (Application Programming Interface)
Allows communication between applications, both within a network and outside it.
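CORS is in this lexicon because a permissive CORS setting is one of the ways access control gets broken. The following added example (not from the original post or from AWS) shows the weak setting beside the corrected one: a server that reflects any Origin header back, versus one that only answers for origins on a fixed allowlist. The origins and allowlist are constructed sample values.

```python
"""Added example: choosing the Access-Control-Allow-Origin response header.

`reflect_origin` is the weak pattern; `allowlisted_origin` is the corrected one.
All origins below are constructed for the example.
"""

# Assumed allowlist of origins that may read authenticated responses.
ALLOWED_ORIGINS = frozenset({
    "https://app.example-bank.test",
    "https://admin.example-bank.test",
})


def reflect_origin(request_headers):
    """Weak setting: whatever Origin the browser sent is echoed back, together
    with Allow-Credentials, so any site can read logged-in users' responses."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def allowlisted_origin(request_headers):
    """Corrected setting: only an exact allowlist match is echoed. Exact
    comparison matters; a prefix check would accept a look-alike host such as
    https://app.example-bank.test.attacker.test. Non-matching origins get no
    CORS headers, so the browser refuses the cross-origin read. `Vary: Origin`
    keeps caches from serving one origin's answer to another."""
    origin = request_headers.get("Origin")
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


if __name__ == "__main__":
    for hdrs in ({"Origin": "https://app.example-bank.test"},
                 {"Origin": "https://other-site.test"}):
        print(hdrs["Origin"], "->", allowlisted_origin(hdrs))
```

A same-origin request usually carries no Origin header, and both functions return nothing for it; the difference only shows for cross-origin requests, which is exactly where the access decision is made.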
AWS (2025, September 18) What is CORS? https://aws.amazon.com/what-is/cross-origin-resource-sharing/