A02:2021 – Cryptographic Failures

GPTKB entity

Statements (29)
Predicate Object
gptkbp:instanceOf OWASP Top 10 Category
gptkbp:category Web Application Security Risk
gptkbp:example failure to rotate keys
gptkbp:example storing passwords without hashing
gptkbp:example transmitting sensitive data in cleartext
gptkbp:example using deprecated SSL/TLS versions
gptkbp:example using hard-coded cryptographic keys
gptkbp:focusesOn lack of encryption
gptkbp:focusesOn weak cryptographic algorithms
gptkbp:focusesOn cryptographic weaknesses
gptkbp:focusesOn data protection failures
gptkbp:focusesOn improper key management
gptkbp:focusesOn insecure transmission of data
gptkbp:focusesOn use of outdated protocols
gptkbp:hasOWASPPage https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
https://www.w3.org/2000/01/rdf-schema#label A02:2021 – Cryptographic Failures
gptkbp:mitigatedBy do not use deprecated cryptographic protocols
gptkbp:mitigatedBy enforce secure transmission protocols
gptkbp:mitigatedBy implement proper key management
gptkbp:mitigatedBy store passwords using strong hashing algorithms
gptkbp:mitigatedBy use strong encryption algorithms
gptkbp:partOf OWASP Top 10:2021
gptkbp:publishedBy gptkb:OWASP
gptkbp:publishedIn 2021
gptkbp:rank 2
gptkbp:relatedTo Sensitive Data Exposure
gptkbp:replacedBy A3:2017 – Sensitive Data Exposure
gptkbp:bfsParent gptkb:OWASP_Top_10
gptkbp:bfsLayer 6