OWASP Top 10 Explained - Web Application Security Risk - OWASP Top 10
OWASP top 10: https://owasp.org/www-project-top-ten/
What is a Web Server?
Software (and the hardware it runs on) that can "serve" content to the World Wide Web over HTTP.
Listens for requests from clients such as browsers and returns responses (pages, files, API data).
Web Server Attacks
Directory Traversal
Uses ../ sequences in a requested path to reach files outside the web root that should be restricted.
example: https://www.test.com/../../etc/users
Check: the server should resolve the requested path and confirm it still lies under the document root before reading the file.
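Added example (not from the original notes): a path-resolution check that defeats the traversal above. The document root /var/www/html and the request strings are assumptions; the check decodes percent-encoding repeatedly, collapses ../ with realpath, then confirms the result is still under the root.

```python
# Added example, not part of the original notes: resolving a user-supplied
# URL path so that "../" sequences cannot escape the web root.
import os
from urllib.parse import unquote

WEB_ROOT = os.path.realpath("/var/www/html")  # assumed document root


def resolve_web_path(requested: str, web_root: str = WEB_ROOT) -> str:
    """Return the absolute filesystem path for a requested URL path, or raise
    ValueError if the request would escape web_root.

    Percent-decoding is applied up to three times so that double-encoded
    sequences such as %252e%252e ("..") are caught as well as plain ../
    """
    decoded = requested
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # Treat the request as relative to the web root whatever leading slashes it has.
    relative = decoded.lstrip("/")
    candidate = os.path.realpath(os.path.join(web_root, relative))
    # realpath has already collapsed ".."; commonpath is the check that matters.
    if os.path.commonpath([web_root, candidate]) != web_root:
        raise ValueError(f"path traversal attempt: {requested!r}")
    return candidate


def is_safe(requested: str) -> bool:
    """Convenience wrapper: True if the request stays inside the web root."""
    try:
        resolve_web_path(requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ["images/logo.png", "/../../etc/users", "%2e%2e/%2e%2e/etc/users", "%252e%252e/etc/users"]:
        print(f"{req!r}: {'allowed' if is_safe(req) else 'blocked'}")
```

Note that blocking the string ".." is not enough on its own: the encoded variants in the usage block are why the check decodes first and then compares resolved paths rather than inspecting the raw request.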
Metasploit (Application)
A framework for developing and executing exploit code against a remote target machine.
Website Mirroring (HTTrack)
Copies a whole site to local disk so it can be examined offline (reconnaissance before an attack).
Web Application Security Risk
OWASP Top 10
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities
Broken Access Control
Security Misconfigurations
Cross Site Scripting (XSS)
Insecure Deserialization
Using Components with known vulnerabilities
Insufficient Logging and Monitoring
1. Injection
What is it?
Injection happens when an attacker sends untrusted data to an interpreter as part of a command or query (SQL, OS command, LDAP, etc.), so that the data changes what the command does instead of being treated as plain data.
2. Broken Authentication
What is it?
Broken Authentication vulnerabilities allow attackers to use manual or automated methods (credential stuffing, brute force, stolen or predictable session tokens) to take over one or more accounts in a system.
3. Sensitive Data exposure
What is it?
Sensitive data exposure has been one of the most common vulnerabilities to exploit. It consists of an attacker obtaining data that should have been protected, typically because it was stored or transmitted without encryption or with weak cryptography.
4. XML External Entities
What is it?
An XXE attack targets an application that parses XML input. It occurs when the XML contains a reference to an external entity and a weakly configured XML parser resolves that reference, which can let the attacker read local files, reach internal services, or cause denial of service.
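Added example (not from the original notes): the simplest hardening for XXE is to refuse any document that carries a DTD at all, since external entities can only be declared there. The payload below is constructed for illustration; the parsing code uses only the standard library expat bindings and ElementTree.

```python
# Added example, not part of the original notes: reject XML containing a
# DOCTYPE or entity declaration before handing it to the application parser.
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed classic XXE payload: the external entity points at a local file.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<order><item>&xxe;</item></order>"""

BENIGN = b"<order><item>widget</item></order>"


class DTDForbidden(ValueError):
    """Raised when untrusted XML declares a DOCTYPE or an entity."""


def reject_dtd(data: bytes) -> None:
    """Walk the document with expat and abort at the first DOCTYPE or entity
    declaration. expat calls these handlers before any entity is resolved."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed in untrusted XML")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise DTDForbidden(f"entity declaration {name!r} is not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)  # exceptions raised in handlers propagate out here


def parse_untrusted(data: bytes) -> ET.Element:
    """Hardened entry point: no DTD means no external entities and no entity expansion bombs."""
    reject_dtd(data)
    return ET.fromstring(data)


if __name__ == "__main__":
    print(parse_untrusted(BENIGN).find("item").text)  # widget
    try:
        parse_untrusted(XXE_PAYLOAD)
    except DTDForbidden as exc:
        print("blocked:", exc)
```

Rejecting DTDs outright is what libraries such as defusedxml do by default; it also stops "billion laughs" entity-expansion attacks, which need no external reference at all.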
5. Broken Access Control
What is it?
Access Control or Authorization in web applications means that the app limits which content and functions are available to different users. Broken Access Control is the problem that emerges when those checks are missing, inconsistent, or enforced only on the client, which is common when the application has no centralized access control.
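Added example (not from the original notes): an object lookup that trusts the id in the request, beside the same lookup routed through one central authorization function. The invoices, users and roles are constructed sample data; the policy (owners read and pay, finance staff read only) is an assumption chosen for illustration.

```python
# Added example, not part of the original notes: insecure direct object
# reference versus a single, deny-by-default authorization check.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    total: float


# Constructed sample data.
INVOICES = {
    1001: Invoice(1001, "alice", 120.0),
    1002: Invoice(1002, "bob", 75.5),
}
ROLES = {"alice": set(), "bob": set(), "carol": {"finance"}}


class Forbidden(Exception):
    pass


def get_invoice_vulnerable(invoice_id: int) -> Invoice:
    # Trusts the id in the request: any logged-in user can read any invoice
    # just by changing the number in the URL.
    return INVOICES[invoice_id]


def authorize(user: str, invoice: Invoice, action: str) -> None:
    """The one place where policy lives. Anything not explicitly allowed is denied."""
    is_owner = invoice.owner == user
    is_finance = "finance" in ROLES.get(user, set())
    if action == "read" and (is_owner or is_finance):
        return
    if action == "pay" and is_owner:
        return
    raise Forbidden(f"{user} may not {action} invoice {invoice.invoice_id}")


def get_invoice_safe(user: str, invoice_id: int, action: str = "read") -> Invoice:
    # Look the object up, then check the caller against *that object* before returning it.
    invoice = INVOICES[invoice_id]
    authorize(user, invoice, action)
    return invoice


if __name__ == "__main__":
    print(get_invoice_vulnerable(1002))             # alice can fetch bob's invoice
    print(get_invoice_safe("carol", 1002))           # finance may read
    try:
        get_invoice_safe("alice", 1002)
    except Forbidden as exc:
        print("blocked:", exc)
```

The important property is that every code path that hands out an invoice goes through authorize(); a check copied into some handlers and forgotten in others is exactly the decentralized situation the notes describe.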
6. Security Misconfigurations
What is it?
Just as the name implies, security misconfigurations happen when security settings are overlooked or left at insecure defaults. This includes:
Having unprotected files or directories on public servers
Having unpatched dependencies
Leaving default accounts, verbose error messages or unnecessary features enabled
7. Cross Site Scripting (XSS)
What is it?
Cross site scripting is one of the most common vulnerabilities affecting web applications. XSS attacks are client-side injections: malicious script reaches a page through user input that is not properly escaped, and then runs in other users' browsers with that page's privileges.
8. Insecure Deserialization
What is it?
When data is stored or transmitted, objects are serialized into a byte stream so that they can later be restored to the original structure. Deserialization is the process of rebuilding objects from that byte stream. It becomes insecure when the stream comes from an untrusted source, because the data then dictates which objects are created and which code runs while they are reconstructed; in many formats (Java serialization, Python pickle, PHP unserialize) that amounts to remote code execution.
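Added example (not from the original notes): a Python pickle whose payload names a function the application never meant to call, and an Unpickler that only resolves an allow-list of classes. The gadget deliberately calls the harmless os.getcwd so the example is safe to run; an attacker would pick os.system or subprocess.Popen. The allow-list contents are an assumption for illustration.

```python
# Added example, not part of the original notes: insecure deserialization with
# pickle, and a restricted Unpickler that refuses unexpected globals.
import datetime
import io
import os
import pickle


class Gadget:
    # __reduce__ tells pickle which callable to invoke, with which arguments,
    # when the object is loaded. Loading the data IS calling the function.
    def __reduce__(self):
        return (os.getcwd, ())  # harmless stand-in for os.system


def build_payload() -> bytes:
    """Constructed malicious payload, as an attacker would submit it."""
    return pickle.dumps(Gadget())


def load_vulnerable(data: bytes):
    # Runs whatever callable the untrusted bytes name.
    return pickle.loads(data)


# Assumed allow-list: only the types this application actually expects.
ALLOWED_GLOBALS = {
    ("datetime", "date"),
    ("datetime", "datetime"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Every GLOBAL opcode passes through here; anything not allow-listed is refused.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    payload = build_payload()
    print("vulnerable load called os.getcwd ->", load_vulnerable(payload))
    try:
        load_restricted(payload)
    except pickle.UnpicklingError as exc:
        print("blocked:", exc)
    # Expected data still round-trips through the restricted loader.
    print(load_restricted(pickle.dumps({"due": datetime.date(2024, 5, 1)})))
```

The allow-list is a mitigation, not a cure: the real fix is to not accept pickle (or native serialization generally) from untrusted parties and to use a data-only format such as JSON with explicit schema validation.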
9. Using components with known Vulnerabilities
What is it?
As the name implies, using components with known vulnerabilities can put your web security at risk. When vulnerabilities are known, vendors will in most cases fix them right away and release a newer version; the risk lies in applications that keep running the old one. Check: keep an inventory of dependencies and their versions and compare it against vulnerability advisories on a regular basis.
10. Insufficient Logging and Monitoring
What is it?
A hacker's dream is to carry out malicious attacks without ever getting detected. If you do not ensure that logging and monitoring are in place (failed logins, access-control failures, input validation errors, with alerting on suspicious patterns), you're fulfilling that dream.
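Added example (not from the original notes), serving both the Broken Authentication and the Insufficient Logging and Monitoring sections: a detector that reads authentication log lines and flags an IP that fails logins against many different accounts in a short window, the pattern of credential stuffing or brute force. The log format, the IP addresses and the threshold are constructed for illustration.

```python
# Added example, not part of the original notes: sliding-window detection of
# failed-login bursts over constructed auth log lines.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one IP tries five accounts in five seconds, another
# fails twice five minutes apart and then succeeds.
LOG_LINES = """\
2024-05-01T10:00:01Z auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:02Z auth FAIL user=bob ip=203.0.113.7
2024-05-01T10:00:03Z auth FAIL user=carol ip=203.0.113.7
2024-05-01T10:00:04Z auth FAIL user=dave ip=203.0.113.7
2024-05-01T10:00:05Z auth FAIL user=erin ip=203.0.113.7
2024-05-01T10:00:06Z auth OK user=frank ip=203.0.113.7
2024-05-01T10:00:30Z auth FAIL user=alice ip=198.51.100.2
2024-05-01T10:05:31Z auth FAIL user=alice ip=198.51.100.2
2024-05-01T10:20:32Z auth OK user=alice ip=198.51.100.2
""".splitlines()

LINE_RE = re.compile(r"^(\S+) auth (FAIL|OK) user=(\S+) ip=(\S+)$")


def parse(line: str):
    """Return (timestamp, outcome, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)


def detect(lines, threshold: int = 5, window: timedelta = timedelta(minutes=1)):
    """Alert when one IP accumulates `threshold` failures inside `window`.

    Each alert lists the distinct usernames tried: many users from one IP is
    credential stuffing, one user many times is brute force.
    """
    failures = defaultdict(list)  # ip -> [(timestamp, user), ...] within the window
    alerts = []
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue
        ts, outcome, user, ip = parsed
        if outcome != "FAIL":
            continue
        bucket = failures[ip]
        bucket.append((ts, user))
        while bucket and ts - bucket[0][0] > window:  # expire old failures
            bucket.pop(0)
        if len(bucket) >= threshold:
            alerts.append({
                "ip": ip,
                "count": len(bucket),
                "users": sorted({u for _, u in bucket}),
                "at": ts,
            })
            bucket.clear()  # one alert per burst
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert)
```

Without the log lines in the first place there is nothing for this to run over, which is the point of the section: the application has to record failed logins with timestamp, account and source address before any monitoring can catch the attacker.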