OWASP Reference Mapping
How the chapters in these handbooks map to the OWASP standards.
OWASP Top 10 (2021) → Handbook Chapters

| OWASP | Category | Chapter(s) |
|---|---|---|
| A01 | Broken Access Control | Authentication, API Security (IDOR) |
| A02 | Cryptographic Failures | OAuth & JWT |
| A03 | Injection | SQL Injection, Command Injection, SSTI, XXE |
| A04 | Insecure Design | Business Logic, Race Conditions |
| A05 | Security Misconfiguration | CORS, API Misconfiguration |
| A06 | Vulnerable Components | Reconnaissance (version detection) |
| A07 | Authentication Failures | Authenticatie, OAuth/JWT |
| A08 | Software/Data Integrity | Deserialization |
| A09 | Logging & Monitoring Failures | Reporting |
| A10 | SSRF | SSRF, SSRF + Cloud Metadata tutorial |
OWASP API Security Top 10 (2023)

| OWASP API | Category | Chapter |
|---|---|---|
| API1 | Broken Object Level Authorization | API Security |
| API2 | Broken Authentication | OAuth & JWT |
| API3 | Broken Object Property Level Authorization | API Security (Mass Assignment) |
| API4 | Unrestricted Resource Consumption | API Security (Rate Limiting) |
| API5 | Broken Function Level Authorization | API Security |
| API6 | Unrestricted Access to Sensitive Business Flows | Business Logic |
| API7 | Server-Side Request Forgery | SSRF |
| API8 | Security Misconfiguration | CORS |
| API9 | Improper Inventory Management | Reconnaissance |
| API10 | Unsafe Consumption of APIs | API Security |
MITRE ATT&CK Mapping (Network & Cloud)

| Tactic | Chapter(s) |
|---|---|
| Reconnaissance | Network Reconnaissance, Cloud Reconnaissance |
| Initial Access | Initial Access |
| Execution | Privilege Escalation |
| Persistence | Persistence, Cloud Persistence |
| Privilege Escalation | Privilege Escalation, Kerberos |
| Defense Evasion | Evasion, Cloud Evasion |
| Credential Access | Credential Access |
| Lateral Movement | Lateral Movement, Cloud Lateral Movement |