This article describes the OWASP 2021 architectural flaws that can result in the insecure design of your applications.
Insecure design is a broad category that represents various weaknesses described as "missing or ineffective control design." One example is code that should encrypt sensitive data when no method exists to do so.
Read more at: Insecure Design - OWASP Documentation
A secure design approach involves the whole application team and not only developers. It requires applying secure design patterns, threat modeling analysis, and a secure development life cycle. Even so, developers can take the actions below:
- GeneXus application security training.
- Dependency control (manual or in continuous integration pipelines, if any). OWASP Dependency-Check may come in handy for this.
- Use of known libraries for security controls.
- Documentation of reusable controls for future developments.
- Active use of Security Scanner.
Since GeneXus 18 upgrade 1.