What Is OWASP (Open Worldwide Application Security Project)?
A nonprofit foundation that produces freely available tools, documentation, and standards for web application security. OWASP is best known for the OWASP Top 10, a list of the ten most critical web application security risks, updated every few years based on real-world data.
In Laravel Applications
The OWASP Top 10 maps directly onto common Laravel mistakes: A01 Broken Access Control (missing or misapplied Gate and Policy checks, so route-model binding hands any record to any authenticated user), A02 Cryptographic Failures (a weak, default, or committed APP_KEY, which protects encrypted cookies and sessions), A03 Injection (user input concatenated into DB::raw(), whereRaw(), or DB::select() strings instead of passed as query bindings), A05 Security Misconfiguration (APP_DEBUG=true in production, a web-readable .env), A06 Vulnerable and Outdated Components (outdated Composer packages; `composer audit` reports known advisories for installed packages).
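The A03 and A01 items above, shown as a vulnerable controller method beside its hardened form. This is an added example, not code from the original page or from StackShield; it assumes a Laravel application with a `posts` table (`id`, `user_id`, `title`, `body`), a `Post` model, and a logged-in `User`, and all class, route and column names are illustrative.

```php
<?php
// Added example (not from the original page). Assumes a Laravel app with a
// `posts` table (id, user_id, title, body) and a `Post` model; names are
// illustrative. Two files are shown in one listing using bracketed namespaces.

// file: app/Http/Controllers/PostController.php
namespace App\Http\Controllers {

    use App\Models\Post;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\DB;
    use Illuminate\Support\Facades\Gate;

    class PostController extends Controller
    {
        // A03 Injection (vulnerable): the query string is interpolated into SQL.
        // ?q=%27%20OR%201=1%20--  becomes  ... LIKE '%' OR 1=1 -- %'  and returns
        // every row; a UNION payload can read other tables the DB user can see.
        public function searchVulnerable(Request $request)
        {
            $q = $request->query('q');
            return DB::select("SELECT * FROM posts WHERE title LIKE '%$q%'");
        }

        // A03 Injection (hardened): the value is sent as a bound parameter, so the
        // database never parses it as SQL. whereRaw() is equally safe when the raw
        // fragment contains only `?` placeholders and the data goes in the bindings.
        public function search(Request $request)
        {
            $q = $request->query('q', '');
            return Post::where('title', 'like', '%' . $q . '%')->get();
            // Same thing with an explicit binding:
            // Post::whereRaw('title LIKE ?', ['%' . $q . '%'])->get();
        }

        // A01 Broken Access Control (vulnerable): implicit route-model binding loads
        // whatever id the client supplies, so any authenticated user can read any
        // post by changing the number in the URL (an IDOR).
        public function showVulnerable(Post $post)
        {
            return $post;
        }

        // A01 (hardened): the policy decides. Gate::authorize() throws an
        // AuthorizationException, which Laravel renders as HTTP 403, whenever
        // PostPolicy::view() returns false.
        public function show(Post $post)
        {
            Gate::authorize('view', $post);
            return $post;
        }
    }
}

// file: app/Policies/PostPolicy.php
// Laravel auto-discovers App\Policies\PostPolicy for App\Models\Post.
namespace App\Policies {

    use App\Models\Post;
    use App\Models\User;

    class PostPolicy
    {
        // Ownership check: only the author may view the post. Compare ids with
        // strict equality; a loose comparison could be fooled by type juggling.
        public function view(User $user, Post $post): bool
        {
            return $user->id === $post->user_id;
        }
    }
}
```

The hardened `search()` still lets `%` and `_` in the input act as LIKE wildcards; that is a data-exposure question, not injection, and can be handled by escaping those characters before binding. For the A05 item, the matching check is that production `.env` files carry `APP_DEBUG=false` and are never served by the web server, and for A02 that `APP_KEY` was generated with `php artisan key:generate` rather than copied from a tutorial or committed to the repository.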
Example
Running your Laravel application through an OWASP ZAP scan automatically checks for many Top 10 classes, such as injection, security misconfiguration and missing security headers. ZAP tests the running application from the outside, so logic-level categories such as A01 Broken Access Control and A04 Insecure Design still need a code review or policy tests to catch.
Related Terms
OWASP Top 10
A regularly updated list of the ten most critical security risks to web applications, published by the OWASP Foundation. The current version (2021) includes: A01 Broken Access Control, A02 Cryptographic Failures, A03 Injection, A04 Insecure Design, A05 Security Misconfiguration, A06 Vulnerable and Outdated Components, A07 Identification and Authentication Failures, A08 Software and Data Integrity Failures, A09 Security Logging and Monitoring Failures, A10 Server-Side Request Forgery.
Vulnerability
A weakness in a system that can be exploited by an attacker to perform unauthorized actions. Vulnerabilities can exist in code, configuration, infrastructure, or processes. They range in severity from informational to critical.
Penetration Testing
A simulated cyberattack performed by security professionals to evaluate the security of a system. Penetration testers (pentesters) attempt to exploit vulnerabilities using the same techniques real attackers would use, then provide a report of findings with remediation guidance.
Monitor Your Laravel Application's Security
StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.
Start Free Trial