Choose the best description of the main goal of the OWASP Top 10 list.
Think about what a security risk list aims to do for developers and organizations.
The OWASP Top 10 is a list that highlights the most critical security risks for web applications. It helps developers and organizations focus on fixing the most important vulnerabilities.
Select the option that is not included in the OWASP Top 10 security risks for 2021.
Consider which option is more about social engineering than a technical web application vulnerability.
Phishing attacks are social engineering attacks and are not listed in the OWASP Top 10, which focuses on technical web application security risks.
Analyze the impact of Broken Access Control and select the best description of its risk.
Think about what 'access control' means in terms of permissions and user rights.
Broken Access Control means users can do things they are not supposed to, like viewing or changing data without permission.
Compare Injection and Cross-Site Scripting and select the option that best explains their difference.
Consider where the malicious code is executed in each attack type.
Injection attacks send harmful commands to the backend database or system, while XSS injects scripts that run in the user's browser.
Explain why incorrect or incomplete security settings can lead to serious vulnerabilities in web applications.
Think about what happens if security settings are left at default or not properly set.
Security Misconfiguration means the app or server is not set up securely, which can expose sensitive data or allow attackers to take control easily.