OWASP Security Review

by agamm

A comprehensive security-review skill covering OWASP Top 10 web risks, the Application Security Verification Standard, and the 2026 Agentic AI Security (ASI) series. Gives the agent structured checklists for credential handling, injection defenses, authorization, session management, and prompt-injection defenses in AI agent code.

Tags: security, owasp, asvs, vulnerability, code-review, ai-security

OWASP Security Review

A structured walkthrough for reviewing code against three standards: OWASP Top 10:2025 (web app risks), ASVS 5.0 (verification checklist), and the Agentic AI Security series (ASI01-ASI10, 2026).

OWASP Top 10 (2025)

  1. Broken Access Control — check every route-level authorization. Is the user ID trusted from the request (bad) or the session (good)?
  2. Cryptographic Failures — no hand-rolled crypto, no TLS bypasses, no passwords in plaintext/MD5/SHA1.
  3. Injection — SQL, NoSQL, command, LDAP, XPath. Parameterize everything. Never string-concat user input into a query.
  4. Insecure Design — threat-model the feature before coding. What if the attacker owns the input?
  5. Security Misconfiguration — default creds, verbose errors in prod, permissive CORS, debug endpoints exposed.
  6. Vulnerable and Outdated Components — run npm audit / pip-audit; pin versions.
  7. Identification and Authentication Failures — rate-limit login, enforce MFA where possible, secure cookie flags (HttpOnly, Secure, SameSite).
  8. Software and Data Integrity Failures — signed releases, SRI on CDN scripts, no unsigned auto-updates.
  9. Security Logging and Monitoring — log auth events, but never log secrets or full tokens.
  10. Server-Side Request Forgery (SSRF) — validate URLs before fetch; deny internal ranges (169.254.*, 10.*, 172.16-31.*, 192.168.*).
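
As an added example (not code from the claude-code-owasp skill itself), a Python pre-fetch URL check for item 10: it denies the four ranges listed above and, going one step further, loopback, unspecified and the IPv6 link-local/ULA equivalents, checking every address a hostname resolves to rather than only literal IPs. The CONSTRUCTED_DNS table and table_resolver are stand-ins so the block runs offline; default_resolver is the real lookup.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# The four ranges named in item 10, plus loopback/unspecified and the IPv6
# equivalents (the extra entries are this example's assumption, not the list's).
DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "169.254.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8", "::1/128", "::/128", "fe80::/10", "fc00::/7",
)]

# Constructed DNS table so the example runs offline (use default_resolver in production).
CONSTRUCTED_DNS = {
    "api.example.com": {"93.184.216.34"},
    "rebind.example.com": {"93.184.216.34", "10.0.0.1"},  # mixed public/internal answer
}

def default_resolver(host):
    """Resolve a hostname to every address it maps to (A and AAAA)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def table_resolver(host):
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed table has no entry for {host}")
    return CONSTRUCTED_DNS[host]

def check_outbound_url(url, resolver=default_resolver):
    """Return (allowed, reason); deny non-http(s), localhost, or any internal address."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if host == "localhost":
        return False, "localhost denied"
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IPv4 or IPv6 (brackets already stripped)
    except ValueError:
        try:
            addrs = {ipaddress.ip_address(a) for a in resolver(host)}
        except (socket.gaierror, ValueError):
            return False, f"cannot resolve {host!r}"  # unresolvable or odd forms fail closed
    for addr in addrs:
        if addr.version == 6 and addr.ipv4_mapped:  # ::ffff:10.0.0.1 is checked as 10.0.0.1
            addr = addr.ipv4_mapped
        if any(addr in net for net in DENIED_NETWORKS):
            return False, f"{addr} is in a denied range"
    return True, "ok"
```

Connect to the vetted address rather than re-resolving at fetch time, and re-run the check on every redirect, otherwise a changed DNS answer or a 302 to an internal host gets past it.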

ASVS 5.0 quick hits

  • V2 Authentication: credentials stored with a modern password hash (argon2id/bcrypt, not sha256).
  • V3 Session Management: rotate session IDs on login and privilege change.
  • V4 Access Control: deny by default; every route declares its required role.
  • V5 Validation/Encoding/Injection: all output context-encoded at the sink.
  • V7 Error Handling and Logging: no stack traces to end users; no PII in logs.
  • V9 Communications: TLS 1.2+ everywhere, HSTS, certificate pinning for mobile.
  • V13 API: rate-limits, authz on every endpoint including OPTIONS/HEAD.

Agentic AI Security (ASI, 2026)

  • ASI01 Prompt Injection — treat tool output as untrusted input; sanitize before feeding back to the model.
  • ASI02 Insecure Output Handling — never eval() model output; treat generated code/SQL/commands as suspect.
  • ASI03 Training Data Poisoning — out of scope for most reviews, but note if fine-tuning on user data.
  • ASI04 Model DoS — rate-limit per-user token usage.
  • ASI05 Supply Chain — pin model versions; audit plugin sources.
  • ASI06 Sensitive Info Disclosure — don't include secrets in system prompts; redact PII before sending to the model.
  • ASI07 Insecure Plugin Design — validate plugin schemas; least-privilege scopes.
  • ASI08 Excessive Agency — require human-in-the-loop for destructive actions (delete, send, pay).
  • ASI09 Overreliance — tell users outputs may be wrong; don't present guesses as facts.
  • ASI10 Model Theft — rate-limit, watermark, log access to proprietary weights.

Review workflow

  1. Identify what the code does (auth? payment? rendering user input? calling a model?).
  2. Map to the relevant top 10 items + ASVS section + ASI items for agent code.
  3. Walk each item as a yes/no checklist against the diff.
  4. Flag findings as HIGH / MEDIUM / LOW with file:line references and a one-line fix.
  5. Never "trust but verify" — verify.

Source

https://github.com/agamm/claude-code-owasp