About hacking!
- Common Vulnerabilities and Exposures,
- Is a system for identifying and cataloging known security vulnerabilities. Each CVE entry includes a unique ID and a description of the flaw.
- CWE (Common Weakness Enumeration) is a categorization system for software and hardware weaknesses that can lead to vulnerabilities.
- It helps identify the underlying issues that could be exploited, such as buffer overflows or improper input validation.
CWE is like a catalog, and CVE is each entry in the catalog.
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
- Just Web Application Security Risks
10 categories - latest 2021 - new 2025
- A01:2021 – Broken Access Control
- CWE-425: Direct Request ('Forced Browsing')
- CWE-862: Missing Authorization
- A02:2021 – Cryptographic Failures
- A03:2021 – Injection
- A04:2021 – Insecure Design
- A05:2021 – Security Misconfiguration
- A06:2021 – Vulnerable and Outdated Components
- A07:2021 – Identification and Authentication Failures
- A08:2021 – Software and Data Integrity Failures
- A09:2021 – Security Logging and Monitoring Failures
- A10:2021 – Server-Side Request Forgery (SSRF)