OWASP Top 10 Web
OWASP Top 10 Proactive controls
OWASP Top 10 Mobile
Mitigations
Tools & Techniques
A01:2021 Broken Authentication
A02:2021 Cryptographic Failures
A03:2021 Injection
A04:2021 Insecure Design
A05:2021 Security Misconfiguration
A06:2021 Vulnerable and Outdated Components
A07:2021 Identification & Authentication Failures
A08:2021 Software & Data Integrity Failures
A09:2021 Security Logging & Monitoring Failures
A10:2021 SSRF
A04:2017 XXE
A07:2017 XSS
A08:2013 CSRF
C1:2018 Security Requirements
C2:2018 Leverage Security Frameworks & Libraries
C3:2018 Secure Database Access
C4:2018 Encode & Escape Data
C5:2018 Validate all Inputs
C6:2018 Implement Digital Identity
C7:2018 Enforce Access Control
C8:2018 Protect Data Everywhere
C9:2018 Secure Logging & Monitoring
C10:2018 Handle all Errors & Exceptions
M1:2016 Improper Platform Usage
M2:2016 Insecure Data Storage
M3:2016 Insecure Communication
M4:2016 Insecure Authentication
M5:2016 Insufficient Cryptography
M6:2016 Insecure Authorization
M7:2016 Client Code Quality
M8:2016 Code Tampering
M9:2016 Reverse Engineering
M10:2016 Extraneous Functionality
M1:2014 Weak Server-side Controls
M5:2014 Poor Authorization & Authentication
M7:2014 Client-side Injection
Secure Logging Design
Secure Configuration
Secure Local Storage
Secure Authentication
Password Requirements
Secure Password Recovery
Secure Queries
Secure Communication
Session Management
Log all Access Control Events
Force Access Control Checks
Deny by Default
Design Access Control up-front
Principle of Least Privilege
Don't Hardcode Access Roles
Encrypt Data in Transit
Encrypt Data at Rest
Classify Data
Secrets Management
Key Lifecycle
Sufficient Amount of Logging
Common Logging Format
Log Relevant Data
Centralize Exception Handling
Prevent Technical or Sensitive data in User-facing Errors
OWASP Application Security Verification Standard
OWASP Mobile Application Security Verification Standard
Remove Default Credentials
Proper Password Storage
Minimize Data
Throttling on Login
Secure Session Management
MFA
HTTPS & HSTS
Strong Encryption
Filtering
Server-side Validation
CSP
SameSite Attribute
Eliminate Unused Components & Features
Content Escaping
Content Encoding
Sanitization