PhucMaii / RestaurantApp

https://restaurant-app-woad.vercel.app

Read about OWASP #74

Open knowprabhjyot opened 1 year ago

knowprabhjyot commented 1 year ago

Read about OWASP Top 10

PhucMaii commented 1 year ago
  1. Broken Access Control: Allows unauthorized users to access restricted resources
  2. Cryptographic Failures: Attackers can target sensitive data such as credit card numbers, passwords, and personal information when you don't protect them properly
  3. Injection: Attackers attempt to send data in a way that will change the meaning of commands being sent to the interpreter for bad purposes
  4. Insecure Design: The lack of security controls being integrated into the application throughout the development cycle. For example, WordPress does not set limits for unsuccessful login attempts on the admin panel, therefore attackers can expose it to brute force attacks
  5. Security Misconfiguration: When system or application configuration settings are missing or erroneously implemented, which leads to allowing unauthorized access
  6. Vulnerable and Outdated Component: Third-party libraries or frameworks that have known vulnerabilities or are no longer supported by their developers.
  7. Identification and Authentication Failures: It leaves the application susceptible to attack and leaves user accounts and data at risk
  8. Software and Data Integrity: Relates to code and infrastructure that do not protect against integrity violations
  9. Logging and Monitoring Failures: Where logging and monitoring systems are inadequate to identify and respond to incidents
  10. Server-Side Request Forgery: Attackers attempt to attack server functionality to access or modify resources