Insecure Design

Refers to weaknesses in the architectural or design phase of software development, which lead to security vulnerabilities. It means that the application lacks proper security controls or that the design itself is flawed. We can find some scenarios where this type of vulnerability can be identified:

• Cross-Site Request Forgery (CSRF): Forces authenticated users to execute unwanted actions on a web application by tricking them into submitting malicious requests

• Insufficient Authorization: Allows unauthorized users to perform actions or access sensitive resources due to improperly designed access control mechanisms

• Improper Input Validation: Exploits poorly designed user input validation to manipulate data, execute unintended functionality, or bypass restrictions

• Business Logic Flaws: Abuses application workflows or processes that were not securely designed, leading to unintended and exploitable behaviors