Open Web Application Security Project
A list of the most critical web application security risks updated every few years
Failure to properly restrict what authenticated users are allowed to do
Failures related to cryptography that often lead to exposure of sensitive data
Flaws that occur when untrusted data is sent to an interpreter as part of a command or query
A code injection technique that exploits vulnerabilities in database queries
Security flaws that stem from poor design and architectural decisions
Improperly configured security settings in applications, frameworks, or servers
Using components with known vulnerabilities or that are out of date
Weaknesses in user identity confirmation, authentication, and session management
Failures to protect against integrity violations in software updates and data
Insufficient logging, monitoring, and incident response capabilities
A vulnerability that allows attackers to make requests from the server to unintended locations
A vulnerability that allows injection of malicious scripts into web pages viewed by other users
Reflected XSS, Stored XSS, and DOM-based XSS
An attack that forces authenticated users to submit unintended requests to web applications
An open-source web application security scanner for finding vulnerabilities
Application Security Verification Standard - a framework for testing web application security
Software Assurance Maturity Model for assessing and improving secure development practices
A comprehensive manual for testing web application security
The process of ensuring that user input meets expected criteria before processing
The process of converting data to a safe format before displaying it to prevent XSS
A technique to prevent SQL injection by separating SQL code from user data
Granting users only the minimum access rights needed to perform their functions
A layered security approach using multiple security controls to protect resources
A structured approach to identifying and addressing potential security threats
A framework for assessing and rating security risks based on likelihood and impact
The process of securely handling user sessions, including creation, storage, and destruction
Development practices that help prevent security vulnerabilities in applications
A collection of concise security guidance documents for developers and security professionals