| # | Category | Description |
|---|----------|-------------|
| 1 | A01:2021 Broken Access Control | This occurs when restrictions on what authenticated users are allowed to do are not properly enforced, allowing unauthorized access to sensitive data or functionality. |
| 2 | A02:2021 Cryptographic Failures | This includes weaknesses in cryptographic algorithms, key management, and data protection methods. |
| 3 | A03:2021 Injection | This occurs when untrusted data is sent to an interpreter as part of a command or query, leading to unintended execution of malicious commands (e.g., SQL injection). |
| 4 | A04:2021 Insecure Design | This refers to security flaws that arise from inadequate or missing security controls during the design phase of an application. |
| 5 | A05:2021 Security Misconfiguration | This occurs when security settings are not properly configured, leaving the application vulnerable to attacks. |
| 6 | A06:2021 Vulnerable and Outdated Components | This involves using components (e.g., libraries, frameworks) with known vulnerabilities or outdated versions that are no longer supported. |
| 7 | A07:2021 Identification and Authentication Failures | This covers problems such as flawed authentication mechanisms and inadequate session management. |
| 8 | A08:2021 Software and Data Integrity Failures | This occurs when software or data is tampered with, leading to unauthorized modifications or execution of malicious code. |
| 9 | A09:2021 Security Logging and Monitoring Failures | This pertains to insufficient logging and monitoring, which can hinder detection of security breaches. |
| 10 | A10:2021 Server-Side Request Forgery (SSRF) | This involves attackers inducing a server to make unauthorized requests to internal or external resources. |