OWASP #7 (2021) – Identification and Authentication Failures
This category used to be called “Broken Authentication.” It now covers all failures in how users are identified and authenticated.
ResCommunes
Broken Access Control means the application doesn’t correctly enforce who is allowed to do what. It’s not about logging in - it’s about what users can access after they’re logged in.