█
LastWrite
  • > Curriculum
  • > Pricing
  • > For Educators
  • > About
  • > Contact
Log InGet Started

Questions, concerns, bug reports, or suggestions? We read every message, write to us at [email protected].

More ways to reach us →
LastWrite

Structured computer science lessons for aspiring developers and security professionals.

[email protected]

(201) 785-7951

Mon–Fri, 9 AM–5 PM EST

Learn

  • Curriculum
  • Pricing

Company

  • About
  • For Educators & Schools
  • Contact Us

Legal

  • Terms of Service
  • Privacy Policy
© 2026 LastWrite. All rights reserved.
Curriculum/Cybersecurity/Application Security/Top Security Threats and the Frameworks That Map Them
40 minIntermediate

Top Security Threats and the Frameworks That Map Them

After this lesson, you will be able to: Map the top security threats organizations face today (ransomware, supply-chain attacks, zero-days, social engineering, insider threats) to the OWASP and NIST frameworks that organize the response.

The OWASP Top 10 names vulnerability classes in code. This lesson zooms out to the threats that exploit them: the attacker categories and campaigns that make headlines. Knowing the threat landscape, and how OWASP and the NIST Cybersecurity Framework map onto it, is what turns a coder into a security-minded engineer.

Prerequisites:Server-Side Request Forgery

The top threats today

Ransomware: malware encrypts an organization's data and demands payment, often paired with data theft (double extortion). Supply-chain attacks: compromise one trusted vendor or dependency to reach thousands of downstream targets (SolarWinds, log4j-style component risk). Zero-days: exploits for vulnerabilities the vendor does not yet know about, so no patch exists. Social engineering / phishing: attacking people instead of code to harvest credentials or trigger actions; still the most common initial-access method. Insider threats: a current or former employee, contractor, or partner who misuses legitimate access, whether malicious or negligent.

💡 Why this matters to a developer

Most of these threats land through the vulnerability classes you just studied. Ransomware often enters via phishing plus an unpatched component (A06). Supply-chain attacks are integrity failures (A08). Zero-days frequently target misconfiguration (A05) or injection (A03). The code you write and the dependencies you choose are the attack surface these threats use.

How OWASP and NIST map onto the threats

Two frameworks, two altitudes. OWASP names the code-level weaknesses; NIST CSF organizes the whole program.

  1. 1

    OWASP Top 10: the code/app-level weaknesses an attacker exploits (injection, broken access control, vulnerable components, etc.). Use it to harden what you build.

  2. 2

    NIST Cybersecurity Framework (CSF): five functions that organize an organization's whole security program: Identify, Protect, Detect, Respond, Recover.

  3. 3

    Map a threat through both: ransomware -> Protect (patching, least privilege, A06/A05 fixes) + Detect (logging/monitoring, A09) + Recover (tested, offline backups).

  4. 4

    Phishing -> Protect (MFA, training) + Detect (anomalous-login alerts) + Respond (incident runbook).

  5. 5

    Supply chain -> Identify (SBOM, know your dependencies) + Protect (signed/verified artifacts, A08).

  6. 6

    Use OWASP when writing code; use NIST CSF when reasoning about the organization's posture.

Defending across the threat landscape

No single control stops everything, which is why defense in depth matters (covered next lesson). Against ransomware: patch fast, least privilege, segmented networks, and tested offline backups. Against supply-chain attacks: dependency scanning, lockfiles, and signed artifacts. Against zero-days: layered controls so one unknown bug is not game over, plus fast patching when disclosure happens. Against social engineering: MFA everywhere, phishing-resistant factors, and user training. Against insider threats: least privilege, logging of high-value actions (A09), and separation of duties.

Quick Check

How do the OWASP Top 10 and the NIST Cybersecurity Framework relate?

Pick the best answer.

Sign in and purchase access to unlock this lesson.

Sign in to purchase
←OWASP A10: Server-Side Request Forgery (SSRF)
Back to Application Security
Security Best Practices for Developers→