OWASP 2021 top 10

1.1 A01 Broken Access Control(權限控制失效)

1.2 A02 Cryptographic Failures(加密機制失效)

1.3 A03 Injection(注入式攻擊)

1.4 A04 Insecure Design(不安全設計)

1.5 A05 Security Misconfiguration(安全設定缺陷)

1.6 A06 Vulnerable and Outdated Components(危險或過舊的元件)

1.7 A07 Identification and Authentication Failures(認證及驗證機制失效)

1.8 A08 Software and Data Integrity Failures(軟體及資料完整性失效)

1.9 A09 Security Logging and Monitoring Failures(資安記錄及監控失效)

1.10 A10 Server Side Request Forgery (SSRF)(伺服端請求偽造)

◆ 1.10.1 Spring Boot中相關的應變

◆ 1.10.2 其餘框架的相關說明

OWASP API top 10

2.1.API1:2023 Broken Object Level Authorization(失效的物件階層授權控制)

2.2.API2:2023 Broken Authentication(失效的認證)

2.3.API3:2023 Broken Object Property Level Authorization(失效的物件)

2.4.API4:2023 Unrestricted Resource Consumption(未管控的資源消耗)

2.5.API5:2023 Broken Function Level Authorization(失效的函數階層授權)

2.6.API6:2023 Unrestricted Access to Sensitive Business Flows(未控管機敏商業流程控管)

2.7.API7:2023 Server Side Request Forgery(伺服器端請求偽造)

2.8.API8:2023 Security Misconfiguration(安全性的錯誤配製)

2.9.API9:2023 Improper Inventory Management(不適當的倉儲管理)

2.10.API10:2023 Unsafe Consumption of APIs(不安全的API使用)

相關的工具與Kali Linux設定介紹

案例介紹