OWASP Top 10 — Les 10 risques web critiques
★★★★★
OWASP Top 10 2021
A01 Broken Access Control (était #5 en 2017)
A02 Cryptographic Failures (anciennement Sensitive Data Exposure)
A03 Injection (SQLi, XSS, SSTI, LDAP...)
A04 Insecure Design (nouveau 2021)
A05 Security Misconfiguration
A06 Vulnerable & Outdated Components
A07 Identification & Auth Failures
A08 Software & Data Integrity Failures (Desérialization)
A09 Security Logging & Monitoring Failures
A10 SSRF (nouveau 2021) Ressources
owasp.org/Top10 · portswigger.net/web-security (labs gratuits) · hackthebox.com · tryhackme.com · root-me.org