Compliance controls
127 controls across 14 compliance frameworks, grouped by framework. For cross-framework Jaccard overlap see /explore/crosswalk. Authored by Adam Lundqvist.
OWASP TOP10: 10 controls (of 127 total)
| ID | Title | Framework | Tag | Summary |
|---|---|---|---|---|
| OWASP_TOP10-A01 | Broken Access Control | OWASP TOP10 | pentest:high | Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorised information disclosure… |
| OWASP_TOP10-A02 | Cryptographic Failures | OWASP TOP10 | pentest:high | Failures related to cryptography (or the lack thereof) which often lead to exposure of sensitive data. Includes transmission of data in clear text, use of weak… |
| OWASP_TOP10-A03 | Injection | OWASP TOP10 | pentest:high | Application is vulnerable when user-supplied data is not validated, filtered, or sanitised; dynamic queries or non-parameterised calls without context-aware es… |
| OWASP_TOP10-A04 | Insecure Design | OWASP TOP10 | pentest:high | Risks related to design and architectural flaws. Distinct from implementation defects — a secure design can still have implementation defects but an insecure d… |
| OWASP_TOP10-A05 | Security Misconfiguration | OWASP TOP10 | pentest:high | Application may be vulnerable due to missing security hardening, improperly configured permissions on cloud services, unnecessary features enabled or installed… |
| OWASP_TOP10-A06 | Vulnerable and Outdated Components | OWASP TOP10 | pentest:high | Likely vulnerable if: you do not know the versions of all components used (both client- and server-side), software is vulnerable, unsupported, or out of date (… |
| OWASP_TOP10-A07 | Identification and Authentication Failures | OWASP TOP10 | pentest:high | Confirmation of user identity, authentication, and session management is critical. Authentication weaknesses include permitting credential stuffing, brute forc… |
| OWASP_TOP10-A08 | Software and Data Integrity Failures | OWASP TOP10 | pentest:high | Failures related to code and infrastructure that do not protect against integrity violations. Application that relies upon plugins, libraries, or modules from … |
| OWASP_TOP10-A09 | Security Logging and Monitoring Failures | OWASP TOP10 | pentest:high | Helps to detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected. Insufficient logging, detection, monito… |
| OWASP_TOP10-A10 | Server-Side Request Forgery (SSRF) | OWASP TOP10 | pentest:high | SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the applica… |