OWASP Top 10
The ten most critical web application security risks — and how Meridian neutralizes each one.
Broken Access Control
Meridian enforces per-route RBAC with signed capability tokens. Every resource access is verified server-side before rendering.
Cryptographic Failures
All secrets are encrypted at rest with AES-256-GCM. TLS 1.3 enforced in transit. No plaintext credentials ever touch disk.
Injection
Parameterized queries, input sanitization pipelines, and context-aware output encoding prevent SQL, NoSQL, and command injection.
Insecure Design
Threat modeling is built into the SDLC. Meridian ships with secure defaults — deny-by-default firewall rules, minimal attack surface.
Security Misconfiguration
Hardened base images, automated CIS benchmark scans, and infrastructure-as-code ensure consistent, auditable deployments.
Vulnerable Components
Continuous SBOM generation and automated CVE scanning block deployments containing known-vulnerable dependencies.
Auth Failures
Ed25519-signed sessions, hardware-bound device fingerprints, and automatic credential rotation eliminate credential stuffing and session hijacking.
Software Integrity Failures
Every binary and update is Ed25519-signed. The loader verifies signatures before execution — tampered payloads are rejected.
Logging & Monitoring Failures
Structured audit logs with tamper-proof integrity hashes. Real-time alerting on anomaly thresholds via integrated SIEM pipelines.
SSRF
Egress filtering, allow-listed outbound destinations, and request signing prevent server-side request forgery at the network layer.
Meridian maps every control to the OWASP Application Security Verification Standard (ASVS) Level 2.