Secure Coding Practices: Top OWASP Vulnerabilities

Security should not be an afterthought. It needs to be integrated into the software development lifecycle (SDLC).

OWASP Top 10

The Open Web Application Security Project (OWASP) Top 10 is a standard awareness document for developers and web application security.

1. Broken Access Control

This occurs when users can act outside of their intended permissions. Fix: Implement proper role-based access control (RBAC) and deny by default.

2. Cryptographic Failures

Previously known as Sensitive Data Exposure. Fix: Encrypt data at rest and in transit. Use strong algorithms like AES-256 and Argon2 for passwords. Never store passwords in plain text.

3. Injection (SQLi)

Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. Fix: Use parameterized queries or ORMs (like Prisma) that handle escaping automatically.

// VULNERABLE
const query = "SELECT * FROM users WHERE name = '" + userName + "'";

// SECURE (using parameterized query concept)
db.query('SELECT * FROM users WHERE name = $1', [userName]);

4. Cross-Site Scripting (XSS)

XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping. Fix: Escape untrusted HTTP requests. frameworks like React escape content by default.

By being aware of these vulnerabilities, you can write safer code and protect user data.