OWASP Top 10: Cryptographic failures

Many of the web and mobile applications you use daily require you to input sensitive information. Cryptography offers tools that can be used to safeguard sensitive data and securely transfer it across the internet. Cryptography is powerful but it must be used properly to be effective. This category, formerly known as “Sensitive data exposure,” moved from third position to second in the OWASP Top 10 list in 2021.

In this video, Jonathan Knudsen, head of global research at the Cybersecurity Research Center, demonstrates an example of a cryptographic failure due to a lack of encryption. You’ll also learn about security activities that will help you add security controls to your web applications and sensitive data.