Advanced Vocabulary #owasp #security #web

OWASP Top 10 Vocabulary

5 exercises — Practice OWASP Top 10 security vocabulary in English: the A01-A10 category system, injection attacks, XSS, SSRF, and broken access control.

Core OWASP vocabulary clusters
  • Top 10 categories (2021 edition): A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable and Outdated Components, A07 Identification and Authentication Failures, A08 Software and Data Integrity Failures, A09 Security Logging and Monitoring Failures, A10 Server-Side Request Forgery (SSRF)
  • Injection family: SQL injection, command injection, LDAP injection, NoSQL injection, template injection
  • Client-side attacks: XSS (stored, reflected, DOM-based), CSRF, clickjacking
  • Server-side attacks: SSRF, XXE (XML External Entity), path traversal
1 / 5
A security engineer briefs the development team before a penetration test:
"We follow the OWASP Top 10 — it's the industry-standard list of the most critical web application security risks. The number-one risk in the 2021 edition is A01: Broken Access Control. This means the application fails to enforce what users are allowed to do. A user can escalate their privileges, access another user's data, or view admin pages by simply manipulating a URL parameter or an API request. It's not about hacking encryption — it's about the app trusting user input to determine access."
What does Broken Access Control (A01) mean in the OWASP Top 10?
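The following is an added, framework-free illustration of the A01 briefing above; it is not part of the original exercise and not OWASP's own material. It shows the two failure modes the engineer describes, each beside a fixed version: an object id taken from the URL deciding which record the caller may read (IDOR), and a role taken from a request parameter deciding admin access. The `Request` class, the `USERS` and `INVOICES` tables and the handler names are constructed for the example.

```python
"""Added example (not from the original page): OWASP A01 Broken Access Control.

Two handlers of a minimal API, each in a vulnerable and a fixed form:
  1. GET /invoices?id=<n>        - object-level access (IDOR)
  2. GET /admin/report?role=...  - function-level access (privilege escalation)
All data and names below are constructed for illustration.
"""
from dataclasses import dataclass, field

# Constructed sample data. The role lives in the server-side user record,
# never in anything the client sends.
USERS = {
    "alice": {"role": "user"},
    "bob": {"role": "user"},
    "carol": {"role": "admin"},
}
INVOICES = {
    101: {"owner": "alice", "amount": 120},
    102: {"owner": "bob", "amount": 80},
}


@dataclass
class Request:
    """session_user: identity the server resolved from the session cookie (trusted).
    params: everything the client sent in URL, query or body (attacker-controlled)."""
    session_user: str
    params: dict = field(default_factory=dict)


def _parse_id(raw):
    """Return the id as an int, or None if the parameter is missing or malformed."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


# --- 1. Object-level access: GET /invoices?id=<n> ---------------------------

def get_invoice_vulnerable(req):
    """Authentication happened, but authorization is left to the client:
    whoever changes ?id=102 to ?id=101 reads Alice's invoice."""
    invoice_id = _parse_id(req.params.get("id"))
    if invoice_id is None:
        return 400, None
    inv = INVOICES.get(invoice_id)
    return (200, inv) if inv is not None else (404, None)


def get_invoice_fixed(req):
    """Same lookup, but the server ties the record to the authenticated user.
    A foreign record and a missing record both return 404, so the response
    does not reveal whether the id exists."""
    invoice_id = _parse_id(req.params.get("id"))
    if invoice_id is None:
        return 400, None
    inv = INVOICES.get(invoice_id)
    if inv is None or inv["owner"] != req.session_user:
        return 404, None
    return 200, inv


# --- 2. Function-level access: GET /admin/report?role=admin -----------------

def admin_report_vulnerable(req):
    """The role is read from a request parameter, so any authenticated user
    can append role=admin and reach the admin report."""
    if req.params.get("role") != "admin":
        return 403, None
    return 200, {"total_invoices": len(INVOICES)}


def admin_report_fixed(req):
    """The role comes from the server-side user record; the client parameter
    is ignored entirely. Unknown users are denied by default."""
    role = USERS.get(req.session_user, {}).get("role")
    if role != "admin":
        return 403, None
    return 200, {"total_invoices": len(INVOICES)}


if __name__ == "__main__":
    # Bob is logged in and tampers with the id in the URL.
    bob_reads_alice = Request("bob", {"id": "101"})
    print("vulnerable:", get_invoice_vulnerable(bob_reads_alice))  # (200, Alice's invoice)
    print("fixed:     ", get_invoice_fixed(bob_reads_alice))       # (404, None)
    # Bob adds role=admin to the admin request.
    bob_as_admin = Request("bob", {"role": "admin"})
    print("vulnerable:", admin_report_vulnerable(bob_as_admin))    # (200, report)
    print("fixed:     ", admin_report_fixed(bob_as_admin))         # (403, None)
```

The fixed handlers share one rule: every decision about what the caller may do is made from state the server already holds (the session identity and the user's stored role), and the request parameters only say which object is wanted, never whether access is allowed. That is the sense in which the briefing says the app must not trust user input to determine access.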