OWASP Top 10:
AuthN/AuthZ:
Incident Response
Cryptology
Red Team
100

This is a list of the top 10 most critical web application security risks.

What is the OWASP Top 10?

100

This term refers to verifying the identity of users.

What is Authentication?

100

This is the primary goal of incident response in cybersecurity.

What is to quickly detect, respond to, and recover from security incidents?

100

This is the process of converting plaintext into ciphertext for secure communication.

What is Encryption?

100

This security testing method identifies vulnerabilities by simulating real-world attacks.

What is Penetration Testing?

200

This allows you to execute OS-level commands through a web application

What is command injection?
200

This security principle ensures users have appropriate permissions to access resources.

What is Authorization?

200

 This phase of incident response involves analyzing the scope and impact of an incident.

What is Investigation?

200

This cryptographic method uses two keys, public and private, for secure communication.

What is Asymmetric Encryption?

200

This tool is commonly used for web application security testing, including scanning for vulnerabilities.

What is Burp Suite?

300

This security risk allows attackers to inject malicious scripts into web pages viewed by users.

What is Cross-Site Scripting (XSS)?

300

This type of authentication uses something you have and something you know.

What is Two-Factor Authentication (2FA)?

300

This type of exercise simulates a cybersecurity incident without affecting production systems.

What is a Tabletop Exercise?

300

This type of cryptographic algorithm ensures data integrity by generating a unique fixed-size string.

What is a Hash Function?

300

This type of penetration testing involves testing the security of a system with full knowledge of its internal workings.

What is White-Box Testing?

400

This security risk involves attackers using automated tools to discover valid usernames and passwords.

What is Credential Stuffing?

400

This security measure limits user access to only what is necessary for their role.

What is Principle of Least Privilege?

400

This team is responsible for coordinating and managing incident response efforts.

What is the Security Incident Response Team?

400

This type of cryptography uses the same key for both encryption and decryption.

What is Symmetric Encryption?

400

This type of penetration testing simulates an attacker with no prior knowledge of the target system.

What is Black-Box Testing?

500

This OWASP risk occurs when web applications do not properly validate and sanitize user input.

What is Injection Flaws?

500

This security method verifies user identity using features like fingerprints or facial recognition.

What is Biometric Authentication?

500

This is a critical step after an incident to prevent future occurrences.

What is Lessons Learned and Continuous Improvement? (also correct is Retrospective)

500

This cryptographic technique provides non-repudiation for electronic transactions.

What is Digital Signatures?

500

This is a common vulnerability often discovered during penetration testing that allows attackers to execute malicious code.

What is Remote Code Execution (RCE)?


M
e
n
u