OWASP Top 10 Quiz - Easy

A program sends malicious instructions to the server. Similar to the form example, sending crafted inputs or instructions can manipulate a server's behavior.

A user can see things they shouldn't. Broken access control means not defining who can see or do certain things. This could allow unauthorized viewing of private data.

A website doesn't protect your data well. This is a key element of security misconfiguration. It could lead to data being exposed or modified.

Security isn't thought about enough. Security needs to be considered as part of the design process, not as an afterthought.

Your bank account information being leaked. Financial data is a primary target for attackers and should be heavily protected.

Opening a document from an unknown source. XXE attacks can exploit how XML documents are processed, so opening untrusted files is dangerous.

Hackers can exploit weaknesses in the software. The heart of this OWASP category is using components (libraries, frameworks) that have known vulnerabilities, leaving you open to attack.

Not knowing when bad guys are on a website. Without proper logging and monitoring, malicious activity may go undetected, allowing attackers more time to operate.

Bad guys sending sneaky data to a program. Insecure deserialization involves an attacker manipulating serialized data (often objects) to change the program's behavior.

A. Hackers tricking a server into doing something bad. SSRF attacks can make servers perform actions they’re not intended to, resulting in harm.