2021 OWASP Top Ten: Insecure Design

  • Published: 14 Jan 2025

Comments • 14

  • @BerniesBastelBude 2 years ago +4

    good examples - thx for explanation; I like this series!

    • @devcentral 2 years ago

      ...and thanks for the comment! :-) Glad you enjoyed the video!!

  • @huy19437 2 years ago +1

    How do they know the others request from Attackers is actually one?

  • @barebears289 2 years ago +2

    Thank you😄

  • @proFFessor90 2 years ago +1

    this one kinda confuses me a lot. it looks like it can be described as "logical/flow issues". need to take a closer look, atm this one is weird

  • @aishatalha5373 2 years ago +1

    can we detect these with the help of any software or tool maybe?

    • @aubreyking3685 2 years ago

      You bet. Any DAST or web app scanner searches for these out of the gates. We are partnered with several companies for importing scan data from these tools for our F5 Advanced Web Application Firewall. In this way, you get to understand the holes in your applications and then protect them appropriately while they get fixed. App development times can be lengthy, but WAF policy can be applied in minutes from a scan like that.

    • @mistmedia3712 2 years ago

      OWASP ZAP is definitely a big one if not the biggest

  • @medhasni6432 2 years ago +2

    So it's just a business logic error, right?