Insecure design is a new category in the OWASP Top 10 in 2021. Listed at #4, it is a broad category related to critical design and architectural flaws in web applications that hackers can exploit.
Insecure designs can’t be fixed by a perfect implementation. They require security controls to mitigate the threats. In this video, Jonathan Knudsen, head of global research at the Cybersecurity Research Center, demonstrates an example of an insecure design flaw with a banking application. Viewers also learn what security controls are necessary to mitigate risks associated with insecure design flaws.