Security Review

OWASP Top 10 (2021)

Use this as a baseline checklist when reviewing any application for security vulnerabilities.

A01: Broken Access Control

Users acting outside their intended permissions.

// VULNERABLE: No authorization check
app.get('/api/users/:id', async (req, res) => {
  const user = await db.query('SELECT * FROM users WHERE id = $1', [req.params.id]);
  res.json(user);
});