mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
ab9c127df3
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
15 lines
608 B
Markdown
15 lines
608 B
Markdown
# A04 - Insecure Design
|
|
|
|
## Description
|
|
Insecure design is a broad category representing different weaknesses expressed as "missing or ineffective control design." The difference between insecure design and insecure implementation is that design flaws are inherent to the application's architecture.
|
|
|
|
## Common Vulnerabilities
|
|
- Missing security controls
|
|
- Insufficient threat modeling
|
|
- Insecure design patterns
|
|
- Business logic flaws
|
|
- Missing rate limiting
|
|
|
|
## Testing Approach
|
|
Test business logic flows, analyze application architecture, and look for missing security controls or flawed design patterns.
|