312-50V10 · Question #743
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top
The correct answer is B. Injection. Injection has historically held the top position on the OWASP Top Ten, representing the most critical web application security risk due to its prevalence and severe impact.
Question
The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?
Options
- ACross Site Scripting
- BInjection
- CPath disclosure
- DCross Site Request Forgery
How the community answered
(57 responses)- A4% (2)
- B86% (49)
- C2% (1)
- D9% (5)
Why each option
Injection has historically held the top position on the OWASP Top Ten, representing the most critical web application security risk due to its prevalence and severe impact.
Cross-Site Scripting (XSS) appears on the OWASP Top Ten but has historically ranked lower than Injection, typically in the middle of the list rather than at the primary position.
Injection flaws, including SQL, LDAP, OS command, and XML injection, occur when untrusted data is sent to an interpreter as part of a command or query, allowing attackers to execute unintended commands or access unauthorized data. OWASP ranked Injection as the number one risk for many consecutive years because it is both widespread and consistently leads to full data compromise or system takeover. The category remains near the top of OWASP rankings and is the expected answer on CEH and related exams.
Path disclosure is an information leakage issue that reveals server directory structure; it is not listed as a standalone item on the OWASP Top Ten Web Application Security Risks.
Cross-Site Request Forgery (CSRF) has appeared on older OWASP Top Ten lists but was removed from the 2021 edition and has never ranked as the primary concern above Injection.
Concept tested: OWASP Top Ten primary web application security risk
Source: https://owasp.org/www-project-top-ten/
Topics
Community Discussion
No community discussion yet for this question.