Top 10 OWASP Vulnerabilities
1. Injection
Lightweight Directory Access Protocol (LDAP) query Injection, OS Command Injection and SQL Injection are all different kinds of injection flaws. Injection vulnerabilities usually occur whenever unsanitized, user-supplied input is concatenated with instructions before they're parsed. consider the developer of a router that permits users to ping remote servers for debugging purposes, let's say. the simplest way to do that is to execute the operating system's built-in ping command with the hostname the user provided, potentially opening a security flaw.
This command is then parsed by the installed shell – bash, for example. However, most shells allow users to execute multiple commands in one line if they are separated by a semicolon. An attacker can abuse this fact by sending localhost; cat /etc/passwd to the application. Instead of executing only one command, as anticipated, the attacker succeeds in adding (injecting) another instruction into the query. So, instead of executing ping localhost, the router will also show the content of the /etc/passwd file, because of the injected cat command.
Application security testing will simply find injection flaws. Developers should use parameterized queries when coding to prevent injection flaws.
2. Broken Authentication and Session Management
Authentication in web applications is usually used to control users' access to specific data. the foremost common security risks concerning authentication and session management are: password stealing, stealing session tokens and impersonating legitimate users. Security flaws concerning authentication are generally known in password reset functionality by the change of state with cookies, session IDs, or similar.
Multi-factor authentication, such as FIDO or dedicated apps, reduce the danger of compromised accounts.
3. Sensitive Data Exposure
Sensitive information stored in databases (or anyplace else) should be protected. MasterCard details, Social Security numbers and different sensitive client details should be encrypted when stored in a database, even if they're not directly accessible through an internet application. an equivalent applies for sensitive information that's transmitted to and from the web application, such as credentials or payment details. Such data ought to be also be transmitted over a secure and encrypted layer.
Formerly, sensitive information exposure led to an enormous amount of information suddenly changing into accessible to anyone who was willing to look for it. Misconfigured MongoDB instances were blamed for such breaches; currently, publicly-accessible S3 buckets are the most culprit. they're named when 'Simple Storage Service', a facility that's a part of the Amazon Web Services (AWS). AWS users will store information in these buckets and choose who has access to them. However, they're typically designed incorrectly, and might then be viewed by unauthenticated users, or by association with an AWS account.
 encoding of information at rest and in transit will assist you accommodates data protection rules.
4. XML External Entity
Poorly configured XML processors value external entity references among XML documents. Attackers will use external entities for attacks as well as remote code execution, and to disclose internal files and SMB file shares.
 Static application security testing (SAST) will discover this issue by inspecting dependencies and configuration.
5. Broken Access Control
Improperly configured or missing restrictions on authenticated users permit them to access unauthorized functionality or information, like accessing different users’ accounts, viewing sensitive documents, and modifying information and access rights. Broken Access control is a new category of vulnerability. it had been created by merging Insecure direct object References (IDOR) with Missing perform Level Access control from previous OWASP prime ten lists. Broken Access control refers to restrictions that don't seem to be properly enforced. It happens to Illustrate once authenticated users without administrative authority will create new administrator accounts.
 Penetration testing is crucial for detective work non-functional access controls; alternative testing strategies only detect where access controls are missing.
6. Security Misconfiguration
This risk refers to the improper implementation of controls intended to keep application data safe, such as misconfiguration of security headers, error messages containing sensitive information (information leakage), and not patching or upgrading systems, frameworks, and components.
  Dynamic application security testing (DAST) can detect misconfigurations, such as leaky APIs.
7. Cross-Site Scripting
Cross-site scripting (XSS) flaws give attackers the capability to inject client-side scripts into the application, for example, to redirect users to malicious websites.
Developer training complements security testing to help programmers prevent cross-site scripting with best coding best practices, such as encoding data and input validation.
8. Insecure deserialization
Insecure deserialization flaws can enable an attacker to execute code in the application remotely, tamper or delete serialized (written to disk) objects, conduct injection attacks, and elevate privileges.
 Application security tools can detect deserialization flaws but penetration testing is frequently needed to validate the problem.
9. Using Components With Known Vulnerabilities
Developers often don’t know which open source and third-party components are in their applications, creating it troublesome to update elements when new vulnerabilities are discovered. Attackers will exploit an insecure part to require over the server or steal sensitive data.
Software composition analysis conducted at the same time as static analysis can identify insecure versions of components.
10. Insufficient Logging and Monitoring
The time to discover a breach is often measured in weeks or months. insufficient logging and ineffective integration with security incident response systems enable attackers to pivot to alternative systems and maintain persistent threats.
Think like an attacker and use pen testing to seek out if you have got sufficient monitoring; examine your logs after pen testing.

 
 
 
ReplyDeleteSocialMonkee is a must-have for anyone wanting to take their online business to the next level, so don't miss out on this great opportunity to skyrocket your search engine rankings! http://www.socialmonkee.com/lstr432