OWASP Top 10: The Security Risks We Protect Against

The OWASP (Open Web Application Security Project) Top 10 is the most widely recognised standard for web application security risks. We build protection against all OWASP Top 10 risks into every application we deliver.

The OWASP Top 10 (2021)

  1. Broken Access Control: Users accessing data or functions they should not be able to. We implement strict authorisation checks at every layer.
  2. Cryptographic Failures: Weak or absent encryption of sensitive data. We enforce encryption in transit (HTTPS) and at rest.
  3. Injection: Attackers inserting malicious code (SQL, commands) through input fields. We use parameterised queries and input validation throughout.
  4. Insecure Design: Security not considered in the design phase. We conduct threat modelling before building.
  5. Security Misconfiguration: Default credentials, unnecessary features enabled, verbose error messages. We apply security hardening to all environments.
  6. Vulnerable and Outdated Components: Using libraries with known vulnerabilities. We scan dependencies continuously.
  7. Authentication Failures: Weak passwords, missing MFA, insecure session management. We implement robust authentication patterns.
  8. Software and Data Integrity Failures: Code or updates from untrusted sources. We verify the integrity of dependencies and deployment pipelines.
  9. Security Logging Failures: Insufficient logging to detect and investigate incidents. We implement comprehensive audit logging.
  10. Server-Side Request Forgery (SSRF): Forcing the server to make requests to unintended destinations. We validate and restrict all server-initiated requests.
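As an added example of the server-initiated request validation that item 10 describes (this is illustrative code, not the original page's or the authors' own implementation): outbound URLs are checked against an allow-list of scheme, host and port, and the allow-listed name must resolve only to public addresses, so a record pointed at loopback or a cloud metadata address is still refused. The allow-list, the offline resolver and the DNS table are constructed assumptions for this example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list of destinations this service may call (constructed for the example).
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_PORTS = {443}

def is_global_address(ip: str) -> bool:
    """Globally routable only: loopback, RFC 1918, link-local (169.254/16, cloud metadata) all fail."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)  # ::ffff:127.0.0.1 is judged as 127.0.0.1
    return (addr if mapped is None else mapped).is_global

def check_outbound_url(url: str, resolve=socket.getaddrinfo):
    """Return (allowed, detail); on success detail is the resolved IP list to pin the connection to."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname
    if host not in ALLOWED_HOSTS:  # exact match, so api.example.com.evil.net is rejected
        return False, f"host not in allow-list: {host}"
    try:
        port = parts.port or 443
    except ValueError:
        return False, "malformed port"
    if port not in ALLOWED_PORTS:
        return False, f"port not allowed: {port}"
    try:
        answers = resolve(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    ips = sorted({answer[4][0] for answer in answers})
    bad = [ip for ip in ips if not is_global_address(ip)]
    if not ips or bad:  # an allow-listed name pointing inside the network is still refused
        return False, f"{host} resolves to no usable public address: {bad}"
    return True, ips  # caller connects to one of these IPs, not to the name again (anti-rebinding)

def constructed_resolver(table):
    """Offline stand-in for socket.getaddrinfo built from a constructed name -> IPs table."""
    def resolve(host, port, proto=0):
        if host not in table:
            raise socket.gaierror(f"constructed NXDOMAIN for {host}")
        return [(socket.AF_UNSPEC, socket.SOCK_STREAM, proto, "", (ip, port)) for ip in table[host]]
    return resolve

# Constructed DNS data: one healthy record, plus an allow-listed name pointed at the cloud metadata address.
SAMPLE_DNS = {"api.example.com": ["93.184.216.34"], "cdn.example.com": ["169.254.169.254"]}
```

In production, pass the real `socket.getaddrinfo` and connect to the returned IP rather than re-resolving the hostname, otherwise a DNS answer that changes between the check and the connection bypasses the address check.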