DEV Community

BPB Online
BPB Online

Posted on

OWASP Top 10 Vulnerabilities

Open Web Security Project is a non-profit charitable organization. It is a global reference for large types of vulnerabilities. OWASP Top 10 addresses the most impactful application security risks based on a larger number of data sets and opinions surveyed from a plethora of industry professionals. There have been three released in this decade — 2010, 2013, and 2017.

Let’s see the top 10 OWASP vulnerabilities

A1- Injection

Injection vulnerabilities occur when untrusted user data is processed by the web application in an unsafe way.

A2- Broken Authentication

These vulnerabilities occur when web applications fail to implement secure authentication mechanisms like weak password policies or weak storage of Credentials.

A3- Sensitive Data Exposure

Sensitive data exposure vulnerabilities occur when security controls are not implemented properly at the time of data in transit and data in the store.

A4- XML External Entities

XXE vulnerabilities occur when untrusted XML input referencing to an external entity is accepted and parsed by vulnerable XML parsers.

A5- Broken Access Control

Broken access control vulnerabilities occur when developers fail to implement proper access control policies within the web application.

A6- Security Misconfiguration

Security flaws present in the misconfiguration of application frameworks, servers, databases, etc. allow hackers to access unauthorized privileged data.

A7- Cross-Site Scripting

XSS vulnerability allows attackers to inject malicious code into dynamic web pages which in turn run malicious code such as JavaScript into browsers and compromise victims.

A8- Insecure Deserialization

Insecure Deserialization occurs when untrusted structured data is passed to be contrasted into an object. It can be used to perform various malicious tasks like remote code execution and injection attacks.

A9- Using Components with known vulnerabilities

Web applications use various vulnerable components like libraries and frameworks. These vulnerable versions are mentioned on the internet so an attacker can easily find them and leverage them to cause damage.

A10- Insufficient Logging and Monitoring

Application logs, Trace logs should be maintained in the web application to track any malicious activity. The absence of such controls allows attackers to further attack systems, tamper, and destroy data.

Hope this was helpful.

Discussion (0)