Level 34

481 - 495


if production data are used in the test environment
Private or personally identifiable information should
The Open Web Application Security Project (OWASP)
Is an open community dedicated to application security
Each year, OWASP publishes a list of
The top 10 application security risks
Injection
Injection flaws occur when untrusted data is sent to
Broken Authentication and Session Management
If an application function related to authentication or
Cross-Site Scripting (XSS)
XSS flaws occur when an application takes untrusted
Insecure Direct Object References
A direct object reference occurs when a developer
Security Misconfiguration
Security settings must be defined, implemented
Sensitive Data Exposure
If web applications do not properly secure sensitive
Missing Function Level Access Control
When function level access rights are not verified,
Cross-Site Request Forgery (CSRF)
A CSRF attack occurs when an attacker forces
Using Components with Known Vulnerabilities
Certain components such as libraries, frameworks
Unvalidated Redirects and Forwards
Web applications frequently redirect or forward users
Application controls
Are controls over input, processing and output functions. They include methods to help
Application controls may consist of
Edit tests, totals, reconciliations and identification, and reporting of