Recommendation Report
This report provides recommendations to address two development issues/vulnerabilities.
The report describes why the OWASP elements selected are potential areas of concern for the development team and recommends techniques or methods to apply specific fundamental security design principles to avoid the development issues/vulnerabilities. The report also justifies the relevance of the fundamental security design principles selected.
Development Issue/Vulnerability One
The OWASP element selected for this development issue/vulnerability is Injection. Injection attacks occur when an attacker sends untrusted data to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. To avoid this issue, the fundamental security design principle of Input Validation can be applied. Input validation is the process of checking whether input data is valid, correct, and useful before the application acts on it. Validating input lets the application reject data that contains malicious code, unexpected characters, or other anomalies. This principle is relevant because it helps to prevent injection attacks by keeping hostile data from reaching the interpreter.
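The following is an added example, not part of the original report: a lookup that places untrusted input directly into the query text, beside a version that validates the input first. The table, the function names and the username allowlist are assumptions made for illustration, and the validated version also uses parameter binding, which goes beyond the input validation the report recommends.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table with two accounts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

# Hypothetical allowlist: 3 to 20 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")

def lookup_unvalidated(db, name):
    # The untrusted value becomes part of the query text, so the SQL
    # interpreter parses it as syntax rather than as a plain value.
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def validate_username(name):
    # fullmatch() must consume the whole string, so a trailing newline or
    # a quote character anywhere in the value fails validation.
    if not isinstance(name, str) or not USERNAME_RE.fullmatch(name):
        raise ValueError("invalid username")
    return name

def lookup_validated(db, name):
    name = validate_username(name)
    # Parameter binding keeps the value out of the query text as well.
    rows = db.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed hostile input
    print("unvalidated:", lookup_unvalidated(db, hostile))
    print("validated:  ", lookup_validated(db, "alice"))
    try:
        lookup_validated(db, hostile)
    except ValueError as exc:
        print("rejected:   ", exc)
```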
Development Issue/Vulnerability Two
The OWASP element selected for this development issue/vulnerability is Broken Authentication. Broken authentication occurs when an attacker exploits vulnerabilities in the authentication process to gain unauthorized access to the system. To avoid this issue, the fundamental security design principle of Least Privilege can be applied. Least privilege is the principle of granting users only the minimum level of access required to perform their tasks. By