nerdexam
EC-Council

312-50V10 · Question #743

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top

The correct answer is B. Injection. Injection has historically held the top position on the OWASP Top Ten, representing the most critical web application security risk due to its prevalence and severe impact.

Hacking Web Applications

Question

The Open Web Application Security Project (OWASP) is the worldwide not-for-profit charitable organization focused on improving the security of software. What item is the primary concern on OWASP's Top Ten Project Most Critical Web Application Security Risks?

Options

  • ACross Site Scripting
  • BInjection
  • CPath disclosure
  • DCross Site Request Forgery

How the community answered

(57 responses)
  • A
    4% (2)
  • B
    86% (49)
  • C
    2% (1)
  • D
    9% (5)

Why each option

Injection has historically held the top position on the OWASP Top Ten, representing the most critical web application security risk due to its prevalence and severe impact.

ACross Site Scripting

Cross-Site Scripting (XSS) appears on the OWASP Top Ten but has historically ranked lower than Injection, typically in the middle of the list rather than at the primary position.

BInjectionCorrect

Injection flaws, including SQL, LDAP, OS command, and XML injection, occur when untrusted data is sent to an interpreter as part of a command or query, allowing attackers to execute unintended commands or access unauthorized data. OWASP ranked Injection as the number one risk for many consecutive years because it is both widespread and consistently leads to full data compromise or system takeover. The category remains near the top of OWASP rankings and is the expected answer on CEH and related exams.

CPath disclosure

Path disclosure is an information leakage issue that reveals server directory structure; it is not listed as a standalone item on the OWASP Top Ten Web Application Security Risks.

DCross Site Request Forgery

Cross-Site Request Forgery (CSRF) has appeared on older OWASP Top Ten lists but was removed from the 2021 edition and has never ranked as the primary concern above Injection.

Concept tested: OWASP Top Ten primary web application security risk

Source: https://owasp.org/www-project-top-ten/

Topics

#OWASP Top Ten#injection flaws#web application risks#SQL injection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice