A04:2021 - Insecure design


This article describes the OWASP 2021 architectural flaws that can result in the insecure design of your applications.

Insecure design is a broad category covering weaknesses described as "missing or ineffective control design": for example, code that should encrypt sensitive data when no mechanism for doing so exists in the design at all.

Read more at: Insecure Design - OWASP Documentation

Actions by GeneXus

  • GeneXus does not take any specific actions.

Actions by Developers

A secure design approach involves the whole application team and not only developers. It requires applying secure design patterns, threat modeling analysis, and a secure development life cycle. Even so, developers can take the actions below:

  • GeneXus application security training.

  • Dependency control (manual or in continuous integration pipelines, if any). OWASP Dependency-Check may come in handy for this.

  • Use of known libraries for security controls.

  • Documentation of reusable controls for future developments.

  • Active use of Security Scanner.


Since GeneXus 18 upgrade 1.