OWASP_TOP10 A05:2021 · voice-validated
AL · Founder at SQUR · last verified 2026-06-20
Regulation text
Application may be vulnerable due to missing security hardening, improperly configured permissions on cloud services, unnecessary features enabled or installed, default accounts and passwords still active, error handling revealing stack traces, outdated security features, server/framework/library/database not securely configured, software out of date.
ATT&CK techniques this article tests · 0
| Technique | Why it maps | Confidence |
|---|---|---|
Defending mitigations · 6
| Mitigation | What it does | Confidence |
|---|---|---|
| M1028 | Operating System Configuration directly addresses the secure configuration of servers, frameworks, libraries, and databases, as required by A05:2021; this prevents misconfigurations at the OS level. | 90% |
| M1051 | Software Configuration ensures secure settings for applications and services, including disabling unnecessary features, as specified in A05:2021; this reduces the attack surface. | 90% |
| M1027 | Privileged Account Management addresses default accounts and passwords, ensuring they are not active and have strong credentials, as per A05:2021; this prevents unauthorized access. | 90% |
| M1016 | Vulnerability Scanning identifies outdated software, missing security hardening, and misconfigurations, directly addressing A05:2021; this proactively detects weaknesses. | 80% |
| M1030 | Network Segmentation limits the impact of misconfigured services and prevents lateral movement, as implied by A05:2021; this contains potential breaches. | 80% |
| M1047 | Audit ensures proper logging and monitoring, preventing error handling from revealing sensitive information, a concern in A05:2021; this enhances detection and incident response. | 80% |
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-215 | Information Exposure Through an Error Message directly correlates with A05:2021's mention of 'error handling revealing stack traces'; this exposes sensitive system details. | 90% |
| CWE-732 | Incorrect Permission Assignment for Critical Resource directly addresses 'improperly configured permissions on cloud services' and general weak permissions in A05:2021; this allows unauthorized access or modification. | 90% |
| CWE-798 | Use of Hard-coded Credentials directly relates to 'default accounts and passwords still active' in A05:2021; this provides attackers with easy access. | 90% |
| CWE-668 | Exposure of Resource to Wrong Sphere covers 'improperly configured permissions on cloud services' and 'unnecessary features enabled', as per A05:2021; this makes resources accessible to unauthorized entities. | 80% |
| CWE-1041 | Use of Obsolete Function addresses 'software out of date' and 'outdated security features' in A05:2021; this indicates reliance on insecure or unsupported components. | 80% |
| CWE-522 | Insufficiently Protected Credentials directly applies to 'default accounts and passwords still active' in A05:2021; this makes credentials vulnerable to compromise. | 80% |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor is a broad category encompassing 'error handling revealing stack traces' and other misconfigurations in A05:2021; this leads to data leakage. | 70% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0191 compute · voice-rubric self-validated