Question

    Which of the following is NOT among the OWASP Top 10 Web Security Risks?

    A Injection attacks
    B Insecure direct object references (IDOR)
    C Broken access control
    D Hardware-based attacks
    E Security misconfigurations

    Solution

    The OWASP Top 10 is a list of the most critical security risks for web applications, published by the Open Web Application Security Project (OWASP). It focuses exclusively on software vulnerabilities, such as:

    • Injection attacks: Exploits flaws in input handling to execute unintended commands (e.g., SQL injection).
    • Broken access control: Occurs when applications fail to enforce proper restrictions on user actions.
    • IDOR: A type of access control issue where attackers manipulate references to objects (e.g., file paths) to access unauthorized data.
    • Security misconfigurations: Includes improper settings in databases, servers, or frameworks that expose systems to attacks.
    Hardware-based attacks are not part of the OWASP Top 10 because they are typically outside the scope of application-level vulnerabilities. OWASP primarily addresses risks that developers can mitigate through secure coding practices and application design.

    Why Other Options Are Incorrect:
    • Options A, B, C, and E: These are well-documented OWASP Top 10 vulnerabilities and remain significant threats in web application security.
