OWASP & Application Security Interview Prep

Web & API security: the OWASP Top 10, injection, access control, authentication, cryptography, and a secure SDLC

Choose a Module

🔐

OWASP Top 10

The 2021 Top 10 web application risks (A01–A10) with examples and defenses

🚪

Access Control

A01: IDOR, vertical/horizontal privilege escalation, RBAC/ABAC, deny-by-default

💉

Injection & XSS

A03: SQL injection, XSS (stored/reflected/DOM), command & template injection, CSP

🔑

Authentication

A07: password storage, MFA, sessions & cookies, JWT pitfalls, OAuth/OIDC

🔐

Cryptography

A02: TLS, encryption at rest, hashing vs encryption, key management, secrets

🧩

API Security

OWASP API Security Top 10 (2023): BOLA, BFLA, BOPLA, SSRF, resource consumption

🛡️

Secure SDLC

Threat modeling (STRIDE), misconfiguration, SCA/SBOM, supply chain, SAST/DAST