Security Corner – An Introduction

5 January 2026

All About Security Corner

Welcome to the very first Security Corner post!

The goal of this blog is to share the world of security with any and all who are interested! As a cybersecurity enthusiast myself, I am by no means an expert, but I am hoping to provide a space within the Carleton community to learn about and discuss cybersecurity! Each week I will provide a digest of the top security news around the world, discuss several security terms and protocols at length, and highlight upcoming or ongoing security-related events. I look forward to going on this learning journey with all of you.

2025 Security Wrapped

As we start 2026, I thought it would be fitting to take a look at the OWASP Top 10 list for 2025. For those who don’t know, OWASP (the Open Worldwide Application Security Project) is a non-profit organization that aims to provide open, freely available information on the security of web applications, system software and the Internet of Things (IoT).

Starting in 2003, the organization began producing the OWASP Top Ten, a curated list of the most critical security risks for a given year.

Below I have provided the list of the top ten security risks for last year with a brief description of each one, as well as links to the in-depth descriptions for those who are interested!

OWASP Top Ten

  1. A01:2025 – Broken Access Control
    Issues surrounding the policies and protocols a system uses to determine who does and does not have access to different resources.
  2. A02:2025 – Security Misconfiguration
    Any sort of vulnerability caused when a system, application or piece of software is improperly configured.
  3. A03:2025 – Software Supply Chain Failures
    Vulnerabilities that compromise the process of building, distributing, or updating software.
  4. A04:2025 – Cryptographic Failures
    This is a vulnerability typically caused by old or weak encryption algorithms still in use, poor key management, or the use of HTTP instead of HTTPS (try not to visit sites that use http; they are not encrypted!). This results in data being easily read by malicious actors.
  5. A05:2025 – Injection
    My favorite form of vulnerability! It relates to any flaw within an application or system that allows untrusted, unverified user input to be interpreted and run as code or commands on the system.
  6. A06:2025 – Insecure Design
    This goes back to the very beginning of the development cycle. Notably, it does not mean that the written code had some bugs in it, but rather that the very design of the software is insecure.
  7. A07:2025 – Authentication Failures
    This refers to any instance where an attacker is able to gain access to a system they should not have access to.
  8. A08:2025 – Software or Data Integrity Failures
    A vulnerability caused by integrating software or data that has not been verified as legitimate. This is equivalent to downloading a shady plugin from some random person on GitHub without ensuring that their code can be trusted.
  9. A09:2025 – Security Logging and Alerting Failures
    This is when a system fails to log or detect necessary security information. This is caused either by not logging enough data or by incorrectly flagging some data as harmless or harmful.
  10. A10:2025 – Mishandling of Exceptional Conditions
    This is a vulnerability that occurs when a system is not prepared for unpredictable behavior. It looks at how a system responds to edge cases and whether it is able to handle those inputs in a contained way.
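To make the Injection item (A05) concrete, here is an added example that is not from the original post or from OWASP: a vulnerable database lookup beside its hardened form, run against a small in-memory SQLite table of constructed sample users (the `users` table, its columns and the two rows are all made up for the demo).

```python
import sqlite3

# Constructed sample data for the demo; not taken from the post or any real system.
SAMPLE_USERS = [
    ("alice", "alice@example.edu"),
    ("bob", "bob@example.edu"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_email_unsafe(conn, username):
    """Vulnerable (A05 Injection): the untrusted string is pasted into the SQL text,
    so a quote character in the input can change what the query means."""
    query = f"SELECT email FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_email_safe(conn, username):
    """Hardened: the value is bound as a parameter. The engine receives the query
    structure and the data separately, so the input can only ever match a username."""
    query = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    conn = make_db()
    # A normal name behaves the same both ways; a name containing a quote does not:
    # the unsafe version lets the input rewrite the WHERE clause and leak every row.
    for name in ("alice", "' OR '1'='1"):
        print(repr(name),
              "unsafe:", lookup_email_unsafe(conn, name),
              "safe:", lookup_email_safe(conn, name))
```

The same principle (keep user-supplied data out of the code or query text entirely, rather than trying to filter bad characters) is the standard defence for the other injection flavours too.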

That’s all for this week. I would highly encourage reading up on any (or all) of the vulnerabilities that pique your interest. There’s a lot of fascinating information!