Sharing notes from my ongoing learning journey — what I build, break and understand along the way.
OWASP Top 10 – A10: Server-Side Request Forgery (SSRF) The final item in the OWASP Top 10 is A10: Server-Side Request Forgery (SSRF) — and it’s one of the most interesting (and dangerous) ones I’ve researched. At first, it sounds…
OWASP Top 10 – A09: Security Logging and Monitoring Failures Next up in the OWASP Top 10 series is a topic that’s less about preventing attacks and more about detecting and responding to them:A09: Security Logging and Monitoring Failures This…
OWASP Top 10 – A08: Software and Data Integrity Failures The eighth item in the OWASP Top 10 is Software and Data Integrity Failures. This category covers a wide range of issues related to trusting software, updates, configurations, or data…
OWASP Top 10 – A07: Identification and Authentication Failures While exploring software security topics, I came across an area that directly affects the very foundation of any application: authentication and identification flaws. OWASP groups these issues under A07: Identification and…
OWASP Top 10 – A06: Vulnerable and Outdated Components As I continued through the OWASP Top 10 series, the next topic brought me to an area that’s extremely common in software development, yet often underestimated in day-to-day security practices: Vulnerable…
OWASP Top 10 – A05: Security Misconfiguration As I continue diving into software security, the next item in the OWASP Top 10 list caught my attention: A05 – Security Misconfiguration. At first glance, it seemed like a basic issue —…
OWASP Top 10 – A04: Insecure Design While diving into software security, I came across the OWASP Top 10 list. As I reviewed the categories, one entry stood out: A04 – Insecure Design. Honestly, I had no idea what it…
OWASP Top 10 – A03: Injection What Is Injection? Injection is a broad class of attack where untrusted data is sent to an interpreter (such as a database, command line, or XML parser) as part of a command or query.…
OWASP Top 10 – A02: Cryptographic Failures What Is Cryptographic Failure? Cryptographic Failures (formerly known as “Sensitive Data Exposure”) refer to the misuse, misconfiguration, or complete absence of encryption and cryptographic protocols in systems handling sensitive data. It means your…
OWASP Top 10 – A01: Broken Access Control What Is Broken Access Control? Broken Access Control occurs when an application fails to enforce proper restrictions on what authenticated users are allowed to do. In other words, users can perform actions…