playbook/antigravity-awesome-skills/skills/007/references/owasp-checklists.md

# OWASP Top 10 Checklists
> Quick-reference checklists for the three most relevant OWASP Top 10 lists.
> Use during code reviews, security audits, and threat modeling.
---
## OWASP Web Application Top 10 (2021)
| # | Vulnerability | Description | Detection Patterns | Fix |
|---|--------------|-------------|-------------------|-----|
| **A01** | **Broken Access Control** | Users can act outside their intended permissions. IDOR, missing authz checks, CORS misconfiguration. | `GET /admin` accessible without admin role; user A accesses user B data via ID manipulation; missing `@require_role` decorators. | Deny by default. Enforce server-side access control. Disable directory listing. Log access failures. Invalidate JWT/sessions on logout. |
| **A02** | **Cryptographic Failures** | Sensitive data exposed due to weak or missing encryption. Cleartext storage/transmission. | Passwords stored as MD5/SHA1; HTTP endpoints serving sensitive data; hardcoded encryption keys; `TLS 1.0/1.1` in config. | HTTPS everywhere. TLS 1.2+ only. bcrypt/argon2 for passwords. Encrypt data at rest (AES-256). No sensitive data in URLs. |
| **A03** | **Injection** | Untrusted data sent to interpreter without validation. SQL, NoSQL, OS command, LDAP injection. | String concatenation in queries: `f"SELECT * FROM users WHERE id={input}"`; `os.system(user_input)`; unsanitized template rendering. | Parameterized queries/prepared statements. ORM usage. Input validation (allowlist). Escape output. WAF as defense-in-depth. |
| **A04** | **Insecure Design** | Missing or ineffective security controls at design level. Threat modeling not performed. | No rate limit on password reset; unlimited free trial creation; business logic allows negative quantities; no fraud detection. | Threat model during design. Secure design patterns. Unit/integration tests for abuse cases. Limit resource consumption by user. |
| **A05** | **Security Misconfiguration** | Default configs, open cloud storage, unnecessary features enabled, verbose errors. | Default admin credentials; S3 bucket public; stack traces in production; unnecessary HTTP methods enabled; CORS `*`. | Hardened defaults. Remove unused features/frameworks. Automated config scanning. Different credentials per environment. |
| **A06** | **Vulnerable Components** | Using libraries/frameworks with known vulnerabilities. Outdated dependencies. | `npm audit` / `pip-audit` findings; CVE matches in dependency tree; EOL runtime versions; unpatched OS packages. | Dependency scanning in CI/CD. Automated updates (Dependabot/Renovate). Remove unused dependencies. Monitor CVE databases. |
| **A07** | **Auth Failures** | Broken authentication allows credential stuffing, brute force, session hijacking. | No rate limit on login; session ID in URL; no MFA option; weak password policy; session not invalidated on password change. | MFA. Rate limit login attempts. Secure session management. Strong password policy. Rotate session on privilege change. |
| **A08** | **Software/Data Integrity** | Insecure CI/CD pipelines, unsigned updates, deserialization of untrusted data. | `pickle.loads(user_data)`; CDN scripts without SRI hashes; unsigned artifacts in pipeline; auto-merge without review. | SRI for external scripts. Signed artifacts. Review CI/CD pipeline security. Avoid deserializing untrusted data. Code review enforcement. |
| **A09** | **Logging/Monitoring Failures** | Insufficient logging, missing alerts, no incident response capability. | No logs for login failures; logs without user context; no alerting on suspicious patterns; logs stored locally only. | Log all auth events, access failures, input validation failures. Centralized logging. Alert on anomalies. Retention policy. |
| **A10** | **SSRF** | Server-side request forgery: the application fetches an attacker-controlled URL from its own network position. | `fetch(user_provided_url)`; URL parameter for image processing; webhook URL without validation; DNS rebinding. | Allowlist for outbound URLs/IPs. Block private and link-local ranges (10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16). Disable HTTP redirects. Network segmentation. |
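The A03 row's detection pattern beside its fix, as an added example that is not part of this checklist. It uses `sqlite3` on constructed sample rows so it runs offline; the `users` table and e-mail values are made up for the illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the checklist): two users in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(1, "alice@example.com"), (2, "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # The A03 detection pattern: the caller's text is spliced into the SQL,
    # so anything that is not a bare number changes the query's meaning
    # (a WHERE clause that is always true returns every row).
    return conn.execute(f"SELECT id, email FROM users WHERE id={user_id}").fetchall()


def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    # The A03 fix: the driver binds user_id as a value. Non-numeric text is
    # compared against the integer column as text and simply matches no row.
    return conn.execute(
        "SELECT id, email FROM users WHERE id=?", (user_id,)
    ).fetchall()


def lookup_validated(conn: sqlite3.Connection, user_id: str) -> list:
    # Allowlist validation as the second layer from the Fix column: reject
    # anything that is not a positive integer before the query is built.
    if not user_id.isdigit():
        raise ValueError("user_id must be a positive integer")
    return conn.execute(
        "SELECT id, email FROM users WHERE id=?", (int(user_id),)
    ).fetchall()
```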
---
## OWASP API Security Top 10 (2023)
| # | Vulnerability | Description | Detection Patterns | Fix |
|---|--------------|-------------|-------------------|-----|
| **API1** | **Broken Object Level Authorization (BOLA)** | API exposes endpoints that handle object IDs, allowing attackers to access other users' objects. | `GET /api/v1/users/{id}/orders` without ownership check; sequential/predictable IDs; no authz middleware on data endpoints. | Check object ownership in every request. Use random UUIDs, not sequential IDs. Authorization middleware on all data endpoints. |
| **API2** | **Broken Authentication** | Weak or missing authentication mechanisms on API endpoints. | API keys in URLs; no token expiration; missing auth on internal APIs exposed publicly; credentials in response bodies. | OAuth 2.0 / JWT with short expiry. API key rotation. Auth on ALL endpoints. Never expose credentials in responses. Rate limit auth endpoints. |
| **API3** | **Broken Object Property Level Authorization** | API exposes all object properties, allowing mass assignment or excessive data exposure. | Response includes `password_hash`, `internal_id`, `is_admin`; PUT/PATCH accepts `role` field from user input. | Explicit response schemas (allowlist fields). Block mass assignment. Never auto-expose DB model. Separate read/write DTOs. |
| **API4** | **Unrestricted Resource Consumption** | API doesn't limit requests, payload sizes, or resource usage, enabling DoS. | No pagination (`GET /users` returns all); unlimited file upload size; no rate limiting; expensive queries without timeout. | Rate limiting per user/IP. Pagination (max page size). Payload size limits. Query complexity limits. Timeouts on all operations. |
| **API5** | **Broken Function Level Authorization** | Missing authorization checks on administrative or privileged API functions. | `DELETE /api/users/{id}` accessible to regular users; admin endpoints without role check; horizontal privilege escalation. | RBAC enforcement. Deny by default. Admin endpoints on separate route group with middleware. Regular authorization audits. |
| **API6** | **Unrestricted Access to Sensitive Business Flows** | Automated abuse of legitimate business flows (scalping, spam, credential stuffing). | Automated account creation; bulk coupon redemption; scraping sensitive listings; no CAPTCHA on sensitive flows. | Rate limit business-critical flows. CAPTCHA/device fingerprinting. Anomaly detection. Business logic abuse monitoring. |
| **API7** | **Server Side Request Forgery (SSRF)** | API fetches remote resources without validating user-supplied URLs. | `POST /api/import {"url": "http://169.254.169.254/"}` (AWS metadata); webhook URL to internal services. | URL allowlisting. Block internal IP ranges. Disable redirects. Validate URL scheme (https only). Network segmentation. |
| **API8** | **Security Misconfiguration** | Missing security headers, permissive CORS, verbose errors, default credentials on API infrastructure. | `Access-Control-Allow-Origin: *`; detailed error messages with stack traces; default API gateway credentials; TLS 1.0 enabled. | Hardened configs. Restrictive CORS. Generic error responses. Security headers. Regular config audits. |
| **API9** | **Improper Inventory Management** | Deprecated/unpatched API versions still accessible. Shadow APIs. Undocumented endpoints. | `/api/v1/` still active alongside `/api/v3/`; internal debug endpoints exposed; undocumented admin API; no API gateway. | API inventory/catalog. Deprecate and remove old versions. API gateway as single entry point. OpenAPI spec as source of truth. |
| **API10** | **Unsafe Consumption of APIs** | API trusts data from third-party APIs without validation, inheriting their vulnerabilities. | Blindly trusting webhook payloads; no validation on third-party API responses; following redirects from external APIs. | Validate ALL external API responses. Timeout and circuit breakers. Don't trust third-party data more than user input. TLS for all external calls. |
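An outbound-URL check implementing the A10 and API7 fixes (scheme allowlist, host allowlist, rejection of non-public resolved addresses), added here as an example rather than taken from the checklist. The allowlisted host `api.partner.example` and the injected `resolver` are constructed so the code runs offline; in production pass a real DNS lookup and connect to the address you checked.

```python
import ipaddress
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]   # hostname -> resolved IP strings

# Constructed policy for the example: only this partner host, only https.
ALLOWED_HOSTS = {"api.partner.example"}
ALLOWED_SCHEMES = {"https"}


def is_public_address(addr: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), loopback,
    link-local including the 169.254.169.254 metadata endpoint, CGNAT and
    documentation ranges, multicast and reserved space.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 form
    return ip.is_global and not ip.is_multicast and not ip.is_reserved


def check_outbound_url(url: str, resolver: Resolver) -> tuple[bool, str]:
    """Apply the A10/API7 fixes in order: scheme, allowlist, resolved addresses."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not in allowlist"
    # Defense in depth: even an allowlisted name may resolve to an internal
    # address (compromised or rebinding DNS). Connect to the address checked
    # here rather than resolving again, and disable redirects (or re-run this
    # check on every redirect target).
    try:
        addrs = list(resolver(host))
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "no addresses resolved"
    for addr in addrs:
        if not is_public_address(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"
```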
---
## OWASP LLM Top 10 (2025)
| # | Vulnerability | Description | Detection Patterns | Fix |
|---|--------------|-------------|-------------------|-----|
| **LLM01** | **Prompt Injection** | Attacker manipulates LLM via crafted input (direct) or poisoned context (indirect). | User input contains "ignore previous instructions"; external documents with hidden instructions; unexpected tool calls after processing user content. | Input sanitization. Separate system/user prompts clearly. Output validation. Human-in-the-loop for sensitive actions. Context isolation. |
| **LLM02** | **Sensitive Information Disclosure** | LLM reveals confidential data from training data, system prompts, or context. | Model outputs API keys, internal URLs, PII; system prompt extraction via "repeat your instructions"; context leakage between users. | Strip secrets from context. Output filtering for PII/secrets. Session isolation. Don't put secrets in system prompts. Anonymize training data. |
| **LLM03** | **Supply Chain Vulnerabilities** | Compromised training data, model weights, plugins, or dependencies. | Poisoned fine-tuning datasets; malicious third-party plugins; tampered model files; compromised prompt templates. | Verify model integrity (checksums). Audit plugins/tools. Signed artifacts. Scan training data. Vendor security assessment. |
| **LLM04** | **Data and Model Poisoning** | Attacker corrupts training/fine-tuning data to influence model behavior. | Biased outputs after fine-tuning; backdoor triggers in model responses; degraded performance on specific topics. | Data validation pipeline. Anomaly detection on training data. Multiple data sources. Regular model evaluation. Federated learning safeguards. |
| **LLM05** | **Improper Output Handling** | LLM output passed to downstream systems without sanitization, enabling XSS, injection, RCE. | LLM output rendered as HTML without escaping; LLM-generated SQL executed directly; LLM output used in system commands. | Treat LLM output as untrusted. Sanitize before rendering. Parameterized queries for LLM-generated SQL. Never pass LLM output to `eval()` or shell. |
| **LLM06** | **Excessive Agency** | LLM agent has too many permissions, can perform destructive actions without human approval. | Agent can delete files, send emails, modify databases without confirmation; no scope limits on tool access; no approval workflow. | Least-privilege tool access. Human-in-the-loop for destructive actions. Read-only by default. Scope limits per session. Action audit logs. |
| **LLM07** | **System Prompt Leakage** | Attacker extracts the system prompt, revealing business logic, guardrails, and instructions. | Prompts like "what are your instructions?"; indirect extraction via role-play; iterative probing to reconstruct system prompt. | Don't rely on system prompt secrecy for security. Defense in depth. Monitor for extraction attempts. Separate config from prompts. |
| **LLM08** | **Vector and Embedding Weaknesses** | Manipulation of RAG retrieval through poisoned embeddings or adversarial documents. | Irrelevant documents surfacing in RAG results; poisoned knowledge base entries; embedding collision attacks. | Validate RAG sources. Access control on knowledge base. Embedding anomaly detection. Source attribution in responses. Regular KB audits. |
| **LLM09** | **Misinformation** | LLM generates false/misleading content (hallucinations) presented as fact. | Confident assertions about nonexistent APIs; fabricated citations; incorrect code that looks plausible; made-up statistics. | Grounding with verified sources (RAG). Confidence scoring. Fact-checking pipeline. Disclaimers on generated content. Human review for critical outputs. |
| **LLM10** | **Unbounded Consumption** | Excessive resource usage through crafted prompts, leading to cost explosion or denial of service. | Extremely long context inputs; recursive agent loops; prompt that triggers maximum token generation; no budget limits. | Token limits per request/session. Budget caps per user. Iteration limits for agents. Timeout on generation. Monitor cost anomalies. |
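A tool dispatcher applying the LLM06 fixes (least-privilege tool grants, human approval for destructive actions, an action audit log) while treating the model's tool request as untrusted input per LLM05. This is an added example, not code from the checklist; the tool names, the in-memory `FILES` store and the `approve` hook are constructed for the illustration.

```python
import json
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Tool:
    name: str
    func: Callable[..., Any]
    params: frozenset          # allowed argument names (allowlist)
    destructive: bool = False  # requires human approval before it runs


class ToolGate:
    def __init__(self, tools, granted, approve):
        # Least privilege: a session only sees the tools it was explicitly
        # granted; anything else is denied even if the model names it.
        self.tools = {t.name: t for t in tools if t.name in granted}
        self.approve = approve        # human-in-the-loop hook: (tool, args) -> bool
        self.audit: list[dict] = []   # action audit log from the Fix column

    def _record(self, status, tool, detail):
        entry = {"status": status, "tool": tool, "detail": detail}
        self.audit.append(entry)
        return entry

    def dispatch(self, llm_output: str) -> dict:
        # LLM05: the model's text is untrusted; parse and validate it against
        # the allowlist before any code runs on its behalf.
        try:
            req = json.loads(llm_output)
            name, args = req["tool"], req.get("args", {})
        except (ValueError, KeyError, TypeError):
            return self._record("rejected", None, "malformed tool request")
        tool = self.tools.get(name)
        if tool is None:
            return self._record("rejected", name, "tool not granted to this session")
        if not isinstance(args, dict) or set(args) - tool.params:
            return self._record("rejected", name, "unexpected arguments")
        if tool.destructive and not self.approve(name, args):
            return self._record("denied", name, "human approval not granted")
        return self._record("run", name, tool.func(**args))


# Constructed sample tools operating on an in-memory "filesystem".
FILES = {"notes.txt": "quarterly plan"}
READ_FILE = Tool("read_file", lambda path: FILES.get(path, ""), frozenset({"path"}))
DELETE_FILE = Tool("delete_file", lambda path: FILES.pop(path, None) is not None,
                   frozenset({"path"}), destructive=True)
```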
---
## Quick Audit Checklist
Use this as a rapid assessment during code reviews:
```
[ ] Authentication on all endpoints (A07/API2)
[ ] Authorization checks on every data access (A01/API1/API5)
[ ] Input validation and parameterized queries (A03)
[ ] No sensitive data in logs or error messages (A09/API8)
[ ] Dependencies up to date, no known CVEs (A06)
[ ] Rate limiting on all public endpoints (API4)
[ ] HTTPS everywhere, TLS 1.2+ (A02)
[ ] Security headers set (CSP, HSTS, X-Frame-Options) (A05)
[ ] LLM output treated as untrusted (LLM05)
[ ] Agent tool access follows least privilege (LLM06)
[ ] Prompt injection defenses in place (LLM01)
[ ] Token/cost budgets configured (LLM10)
```