TOP 10 OWASP
OFFHACK adopts OWASP (Open Web Application Security Project) as the basis for analysing vulnerabilities in web applications, using two methods.
TOP 10 OWASP 2021
A review against the OWASP Top 10 2021 is recommended as an initial review, with a cost-benefit focus.
A01:2021-Broken Access Control
A02:2021-Cryptographic Failures
A03:2021-Injection
A04:2021-Insecure Design
A05:2021-Security Misconfiguration
A06:2021-Vulnerable and Outdated Components
A07:2021-Identification and Authentication Failures
A08:2021-Software and Data Integrity Failures
A09:2021-Security Logging and Monitoring Failures
A10:2021-Server-Side Request Forgery
OWASP TOP 10 PROACTIVE CONTROLS 2018
OWASP's Top Ten Proactive Controls describe the most important control categories that every architect and developer should include, in full, in every project.
C1 Define Security Requirements
C2 Leverage Security Frameworks and Libraries
C3 Secure Database Access
C4 Encode and Escape Data
C5 Validate All Inputs
C6 Implement Digital Identity
C7 Enforce Access Control
C8 Protect Data Everywhere
C9 Implement Security Logging and Monitoring
C10 Handle All Errors and Exceptions
The types of objectives we look for include:
Information Collection
Configuration and Operation
Session Validation
Authentication Evaluation
Authorization Evaluation
Session Evaluation
Input Data Validation
Error Handling
Cryptography and Communications
