Some thoughts on 2021 OWASP Top 10's Cryptographic Failures Section

Our great sponsors

InfluxDB - Power Real-Time Data Analytics at Scale

WorkOS - The modern identity platform for B2B SaaS

SaaSHub - Software Alternatives and Reviews

Our great sponsors

Top10

6 4,048 4.3 HTML

Official OWASP Top 10 Document Repository

I'm not sure you got my point. The CWEs are there, but they give no examples of those in the Description or bullet points or the How to Prevent bullet points. In other words, the description and how to prevent ignore the vast majority of CWEs they list under Cryptographic Failures. My proposed change to the standard is that they include those CWEs in the Description and Prevention section. That was the entire point of raising the issue that I linked to: https://github.com/OWASP/Top10/issues/540

InfluxDB

www.influxdata.com sponsored

Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

The First Website
1 project | news.ycombinator.com | 27 Apr 2024
Router, pages, layouts and async data in TiniJS apps
2 projects | dev.to | 27 Apr 2024
Leaving the Earth
1 project | dev.to | 26 Apr 2024
Show HN: Leaderboard of most downloaded PyPI packages
1 project | news.ycombinator.com | 26 Apr 2024
Use Circle CI to deploy Flask-Python app in Docker
1 project | dev.to | 26 Apr 2024

Some thoughts on 2021 OWASP Top 10's Cryptographic Failures Section

This page summarizes the projects mentioned and recommended in the original post on /r/crypto Post date: 12 Sep 2021

Top10

InfluxDB

Related posts