We've updated the OWASP Top 10 and CWE Top 25
lists for 2021, so we need to update the quizzes to match.
Signed-off-by: David A. Wheeler <[email protected]>
secure_software_development_fundamentals.md: 6 additions & 6 deletions
@@ -4857,11 +4857,11 @@ In this course we have covered all of the OWASP Top 10, in both the [2017](https
4857
4857
4858
4858
\>\>Select the true statement(s):<<
4859
4859
4860
-
[!x] The #1 biggest risk in the OWASP “Top 10 Web Application Security Risks” are injection flaws, including SQL injection and OS command injection.
4860
+
[!x] Injection is a risk listed in the 2021 OWASP Top 10.
4861
4861
4862
-
[x] Cross-site scripting (XSS) is in the OWASP “Top 10 Web Application Security Risks”.
4862
+
[x] Security Misconfiguration is a risk listed in the 2021 OWASP Top 10.
4863
4863
4864
-
[ ] Buffer overflows are in the OWASP “Top 10 Web Application Security Risks”. {{ selected: No, and it is understandable if you missed this. Buffer overflows are very common in embedded systems, because they are widely implemented in C and C++ which provide little protection against buffer overflows. Most web applications are written in other programming languages that protect against buffer overflows, and thus they have relatively rare in web applications. }}
4864
+
[ ] Buffer overflows are in the 2021 OWASP Top 10. {{ selected: No, and it is understandable if you missed this. Buffer overflows are very common in embedded systems, because they are widely implemented in C and C++ which provide little protection against buffer overflows. Most web applications are written in other programming languages that protect against buffer overflows, and thus they have relatively rare in web applications. }}
4865
4865
4866
4866
### CWE Top 25
4867
4867
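Review bot: the explanation on the added buffer-overflow option (new line 4864) carries over a grammar error from the removed line: "and thus they have relatively rare in web applications" should read "and thus they are relatively rare in web applications". Since the line is being rewritten anyway, fix it in the same commit. The three options also now use two phrasings ("is a risk listed in the 2021 OWASP Top 10" versus "are in the 2021 OWASP Top 10"); consider making the third match the first two.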
@@ -5103,11 +5103,11 @@ for both the [2019](https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
5103
5103
5104
5104
\>\>Select the true statement(s):<<
5105
5105
5106
-
[!x] The 2019 CWE Top 25 Most Dangerous Software Errors list was created using real-world data about vulnerabilities combined with their severity scores
5106
+
[!x] The 2021 CWE Top 25 Most Dangerous Software Errors list was created using real-world data about vulnerabilities combined with their severity scores
5107
5107
5108
-
[x] The 2019 CWE Top 25 Most Dangerous Software Errors list is a combination of all kinds of software.
5108
+
[x] The 2021 CWE Top 25 Most Dangerous Software Errors list is a combination of all kinds of software.
5109
5109
5110
-
[ ] The CWEs listed in the 2019 CWE Top 25 Most Dangerous Software Errors do not overlap each other. {{ selected: No, there are CWEs that overlap. For example, #1 CWE-119 (“Improper Restriction of Operations within the Bounds of a Memory Buffer”) is a superset of both #5 CWE-125 (“Out-of-bounds read”) and #12 CWE-787 (“Out-of-bounds Write”). }}
5110
+
[ ] The CWEs listed in the 2021 CWE Top 25 Most Dangerous Software Errors do not overlap each other. {{ selected: No, there are CWEs that overlap. For example, CWE-119 (“Improper Restriction of Operations within the Bounds of a Memory Buffer”) is a superset of both CWE-125 (“Out-of-bounds read”) and CWE-787 (“Out-of-bounds Write”). }}
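Review bot: the first added option (new line 5106) still ends without a period after "combined with their severity scores", unlike the other two options in this quiz; add it while the line is being touched. In the second option (new line 5108), "is a combination of all kinds of software" reads oddly for a list of software errors; rewording it along the lines of "covers errors from all kinds of software" would be clearer, if that is the intended meaning.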