Home › BCA Cyber Security › cybersecurity › Web Security — OWASP › Which OWASP 2021 category covers MISSING ENCRYPT…
Which OWASP 2021 category covers MISSING ENCRYPTION, weak crypto algorithms, and hardcoded secrets?
AA01: Broken Access Control
BA02: Cryptographic Failures
CA04: Insecure Design
DA09: Logging Failures
Answer & Solution
Correct answer: B. A02: Cryptographic Failures
1. A02: CRYPTOGRAPHIC FAILURES (renamed from 'Sensitive Data Exposure' in 2017) — covers failures to protect data at rest and in transit.
2. Common issues:
• Transmitting credit cards / passwords over HTTP
• Using deprecated algorithms: MD5, SHA-1, DES
• Hardcoded encryption keys in source code
• Using ECB mode for block ciphers
• Weak random number generators for crypto
3. MITIGATION: use TLS 1.2+ everywhere, AES-256-GCM for symmetric encryption, modern hash functions (SHA-256+), key management via dedicated services (AWS KMS, HashiCorp Vault).
_Source: OWASP Top 10 2021 — A02: Cryptographic Failures._
Related questions
What does HTTPS provide over plain HTTP?Which OWASP category covers using libraries with KNOWN CVEs?OWASP recommends LOGGING and MONITORING for the SECURITY LIFECYCLE becauseAn IDOR (Insecure Direct Object Reference) attack happens whenCROSS-SITE REQUEST FORGERY (CSRF) is best mitigated byWhich mitigation is the SINGLE most effective defense against SQL Injection?SERVER-SIDE REQUEST FORGERY (SSRF) — A10 in OWASP 2021 — happens whenWhat does the SECURITY MISCONFIGURATION category (A05 in 2021) typically include?