Home › BCA Cyber Security › cybersecurity › Web Security — OWASP › The OWASP 2021 category A04 'INSECURE DESIGN' is…
The OWASP 2021 category A04 'INSECURE DESIGN' is a NEW category that addresses
Aphysical and on-prem security only
Boperating system bugs and patches
Cuser interface aesthetics and color
Drisks from poor design choices pre-code
Answer & Solution
Correct answer: D. risks from poor design choices pre-code
1. INSECURE DESIGN (A04, 2021): a NEW category recognising that some flaws are FOUNDATIONAL — built into the architecture, not implementation bugs.
2. Examples: an architecture without rate-limiting, missing tenant isolation in multi-tenant SaaS, business logic that allows price manipulation.
3. DIFFERENCE from other categories: those are IMPLEMENTATION issues (bugs you can patch). Insecure design requires re-architecture.
4. MITIGATIONS: THREAT MODELLING (STRIDE, PASTA), security requirements gathering, secure design patterns, security architecture reviews.
5. SHIFT-LEFT philosophy: catch design flaws in the architecture phase, not in pen-testing.
_Source: OWASP Top 10 2021 — A04: Insecure Design (new entry)._
Related questions
What does HTTPS provide over plain HTTP?Which OWASP category covers using libraries with KNOWN CVEs?OWASP recommends LOGGING and MONITORING for the SECURITY LIFECYCLE becauseAn IDOR (Insecure Direct Object Reference) attack happens whenCROSS-SITE REQUEST FORGERY (CSRF) is best mitigated byWhich mitigation is the SINGLE most effective defense against SQL Injection?SERVER-SIDE REQUEST FORGERY (SSRF) — A10 in OWASP 2021 — happens whenWhat does the SECURITY MISCONFIGURATION category (A05 in 2021) typically include?