Which OWASP Top 10 category covers attacks like XML External Entity (XXE) and insecure object references?
A CISSP practice question covering Domain 8: Software Development Security. Try answering before reading the explanation below.
Why "Broken Access Control" is the right answer
Insecure direct object references (IDOR) and many other access-bypass classes fall under Broken Access Control, the #1 risk in the current OWASP Top 10. XXE specifically lives under Injection in older lists but is now folded into Security Misconfiguration / XXE. Across revisions, the trend has been to consolidate categories.