security-audit

Security audits, vulnerability assessment, and secure coding patterns aligned with OWASP.

| A01 | Broken Access Control | Unauthorized access to resources | | A02 | Cryptographic Failures | Weak encryption, exposed secrets | | A03 | Injection | SQL, NoSQL, OS, LDAP injection | | A04 | Insecure Design | Missing security controls by design | | A05 | Security Misconfiguration | Default configs, verbose errors |

| A06 | Vulnerable Components | Outdated libraries with CVEs | | A07 | Auth Failures | Broken authentication/session | | A08 | Data Integrity Failures | Insecure deserialization, CI/CD | | A09 | Logging Failures | Missing audit logs, monitoring | | A10 | SSRF | Server-side request forgery |

أنماط التدقيق الأمني ​​لـ PHP/OWASP. يُستخدم عند إجراء تقييمات الأمان، أو تحديد نقاط الضعف (XXE، أو حقن SQL، أو XSS)، أو تسجيل نقاط CVSS. المصدر: dirnbauer/webconsulting-skills.