Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › The OWASP 2021 category A04 'INSECURE DESIGN' is…

The OWASP 2021 category A04 'INSECURE DESIGN' is a NEW category that addresses

Aphysical and on-prem security only
Boperating system bugs and patches
Cuser interface aesthetics and color
Drisks from poor design choices pre-code
Answer & Solution
Correct answer: D. risks from poor design choices pre-code
1. INSECURE DESIGN (A04, 2021): a NEW category recognising that some flaws are FOUNDATIONAL — built into the architecture, not implementation bugs. 2. Examples: an architecture without rate-limiting, missing tenant isolation in multi-tenant SaaS, business logic that allows price manipulation. 3. DIFFERENCE from other categories: those are IMPLEMENTATION issues (bugs you can patch). Insecure design requires re-architecture. 4. MITIGATIONS: THREAT MODELLING (STRIDE, PASTA), security requirements gathering, secure design patterns, security architecture reviews. 5. SHIFT-LEFT philosophy: catch design flaws in the architecture phase, not in pen-testing. _Source: OWASP Top 10 2021 — A04: Insecure Design (new entry)._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions