Unit 2
Introduction to OWASP Top 10
• The OWASP Top 10 is a widely recognized and essential document published by the Open Web Application Security Project (OWASP), a non-profit organization focused on improving software security.
• The OWASP Top 10 is a list of the ten most critical web application security risks that organizations should be aware of in order to enhance the security of their web applications.
• The list is regularly updated to reflect the evolving threat landscape and to highlight the attack vectors that pose the most significant risks to web applications.
OWASP Top 10 list (2017 version):
A1: Injection
• This vulnerability occurs when untrusted data is sent to an interpreter as part of a query or command. It can lead to malicious code execution and unauthorized access to the application's data.
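As an added illustration (example code written for this page, not from the slides or from OWASP), the following Python contrasts a query that splices untrusted input into the SQL text with one that passes it as a parameter. The in-memory users table and the crafted input are constructed for the demo:

```python
import sqlite3


def make_db():
    # Constructed sample data: a small in-memory users table (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn, username):
    # The untrusted value is spliced into the SQL text, so it is parsed as part
    # of the query: the input can change what the statement does.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Parameterised query: the value travels separately from the SQL text and is
    # only ever compared as data, so the statement's structure cannot change.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A benign lookup behaves the same either way.
    print(find_user_safe(db, "alice"))
    # The textbook input: a quote that closes the string literal plus an
    # always-true condition. Splicing turns a lookup into "return every row".
    crafted = "x' OR '1'='1"
    print(find_user_vulnerable(db, crafted))  # every row in the table
    print(find_user_safe(db, crafted))        # [] : no such username
```

The safe version needs no input validation to be correct, which is the point: validation is a useful extra layer, but separating code from data is what actually closes the class of bug.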
A2: Broken Authentication
• When authentication and session management mechanisms are poorly implemented, attackers can compromise user accounts, passwords, and session tokens.
A3: Sensitive Data Exposure
• This risk involves the exposure of sensitive information such as credit card numbers, passwords, or personal data due to inadequate encryption or other security measures.
A4: XML External Entities (XXE)
• Attackers can exploit weaknesses in XML processors to disclose sensitive information, execute remote code, or perform denial-of-service attacks.
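An added example, not from the slides or from OWASP, of the mitigation OWASP's XXE guidance recommends: disabling DTDs entirely, here using Python's standard-library expat parser as a gate in front of ElementTree. Both XML documents are constructed for the demo, and the file path in the second is an illustrative placeholder:

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed inputs (assumptions): a harmless order document and one that
# declares a DTD with an external entity pointing at a local file.
SAFE_DOC = "<order><item sku='A1' qty='2'/></order>"
DTD_DOC = ("<!DOCTYPE order [<!ENTITY ext SYSTEM 'file:///etc/hostname'>]>"
           "<order>&ext;</order>")


class DtdNotAllowed(ValueError):
    """Raised when an untrusted document tries to declare a DTD."""


def parse_untrusted_xml(data):
    # Pass 1: a bare expat parser whose only job is to abort the moment a
    # DOCTYPE appears. Refusing DTDs outright removes every place an entity,
    # external or otherwise, could be declared, and unlike a substring search
    # it works whatever encoding the document arrives in.
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DtdNotAllowed("DOCTYPE declarations are not accepted: " + name)

    probe = expat.ParserCreate()
    probe.StartDoctypeDeclHandler = on_doctype
    probe.Parse(data, True)
    # Pass 2: the document is now known to be DTD-free, so build the tree.
    return ET.fromstring(data)


def accepts(data):
    # Yes/no wrapper for callers that only need to know whether to proceed.
    try:
        parse_untrusted_xml(data)
        return True
    except (DtdNotAllowed, ET.ParseError, expat.ExpatError):
        return False


if __name__ == "__main__":
    print(parse_untrusted_xml(SAFE_DOC).find("item").get("qty"))  # 2
    print(accepts(DTD_DOC))                                       # False
```

Rejecting the DOCTYPE covers both halves of the slide's risk: external entities (file disclosure, SSRF-style fetches) cannot be declared, and neither can the nested internal entities behind expansion-based denial of service.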
A5: Broken Access Control
• Poorly configured access controls might allow attackers to access unauthorized functionality or gain unauthorized access to sensitive data.
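An added example covering A2, A3 and A5 together (written for this page, not taken from the slides or from OWASP): passwords stored only as salted PBKDF2 hashes, session tokens drawn from the operating system's random source, and a document lookup shown first without and then with an object-level ownership check. The AccountStore class, the DOCUMENTS table and the user names are constructed for the demo:

```python
import hashlib
import hmac
import os
import secrets

# Constructed resource store (assumption): each document records its owner.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's notes"},
    2: {"owner": "bob", "body": "bob's notes"},
}


class AccountStore:
    """Passwords kept only as salted PBKDF2 hashes; sessions as random tokens."""

    ITERATIONS = 100_000  # kept modest so the demo runs quickly

    def __init__(self):
        self._users = {}     # username -> (salt, hash)
        self._sessions = {}  # session token -> username

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def register(self, username, password):
        salt = os.urandom(16)  # per-user salt: identical passwords hash differently
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        record = self._users.get(username)
        if record is None:
            return None
        salt, expected = record
        # Constant-time comparison so timing does not leak how many bytes matched.
        if not hmac.compare_digest(self._hash(password, salt), expected):
            return None
        # 256 bits from the OS CSPRNG: a token nobody can guess or enumerate.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = username
        return token

    def user_for(self, token):
        return self._sessions.get(token)


def get_document_vulnerable(store, token, doc_id):
    # Checks only that *someone* is logged in: any user can read any doc_id.
    if store.user_for(token) is None:
        return None
    return DOCUMENTS.get(doc_id)


def get_document_safe(store, token, doc_id):
    # Object-level authorization: the caller must own this specific record.
    user = store.user_for(token)
    doc = DOCUMENTS.get(doc_id)
    if user is None or doc is None or doc["owner"] != user:
        return None  # one answer for "missing" and "not yours": no oracle
    return doc


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")
    store.register("bob", "another long passphrase")
    print(store.login("alice", "wrong"))                    # None
    tok = store.login("alice", "correct horse battery staple")
    print(get_document_vulnerable(store, tok, 2)["owner"])  # bob: leaked
    print(get_document_safe(store, tok, 2))                 # None
```

The vulnerable lookup is the common shape of an insecure direct object reference: authentication is present, authorization is not. Note also that the store never holds a plaintext password, so a leaked copy of it exposes only slow-to-crack salted hashes.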
A6: Security Misconfiguration
• This risk involves leaving security-relevant settings in default configurations or exposing sensitive information through error messages.
A7: Cross-Site Scripting (XSS)
• XSS vulnerabilities enable attackers to inject malicious scripts into web pages viewed by other users, potentially stealing their information or performing unauthorized actions.
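An added example (not from the slides or from OWASP) of the standard XSS defence, output encoding chosen for the context the data is placed in, showing that an HTML body and a URL attribute need different handling. The comment text and homepage value are constructed inputs:

```python
import html
from urllib.parse import urlsplit

# Constructed untrusted inputs (assumptions): a comment body that carries
# markup, and a "homepage" value whose scheme is not http(s).
COMMENT = "Nice post! <script>alert(1)</script>"
HOMEPAGE = "javascript:alert(1)"


def render_comment_vulnerable(author, text):
    # Raw interpolation into an HTML body: the browser parses the text as markup.
    return f"<p><b>{author}</b>: {text}</p>"


def render_comment_safe(author, text):
    # HTML body context: html.escape turns & < > " ' into entities, so the data
    # is displayed as characters and never parsed as tags or attributes.
    return f"<p><b>{html.escape(author)}</b>: {html.escape(text)}</p>"


def render_homepage_link_safe(url):
    # URL attribute context needs more than escaping: a "javascript:" scheme
    # passes html.escape untouched yet still runs when clicked, so restrict the
    # scheme to http(s) first, then escape for the attribute.
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        return "<span>(no link)</span>"
    return f'<a href="{html.escape(url, quote=True)}">homepage</a>'


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", COMMENT))  # script tag intact
    print(render_comment_safe("mallory", COMMENT))        # &lt;script&gt;...
    print(render_homepage_link_safe(HOMEPAGE))            # (no link)
    print(render_homepage_link_safe("https://example.com/?a=1&b=2"))
```

In a real application the escaping should come from the template engine's auto-escaping rather than hand-placed calls, but the rule it enforces is the one shown here: encode on output, per context.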
A8: Insecure Deserialization
• Attackers can manipulate serialized objects to execute arbitrary code, leading to serious security breaches.
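An added example, not from the slides or from OWASP, of restricting what a Python pickle stream is allowed to name, which is the approach the Python standard-library documentation gives for loading such data when a data-only format such as JSON cannot be used instead. The allowlist and the sample objects are constructed for the demo:

```python
import collections
import datetime
import io
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    # Allowlist of (module, name) pairs the stream may reference; anything else
    # is refused before it is imported, let alone called. Plain dicts, lists,
    # strings and numbers never pass through find_class, so they stay loadable.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(data):
    """Load a pickle stream while refusing every non-allowlisted global."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_loadable(data):
    try:
        restricted_loads(data)
        return True
    except pickle.UnpicklingError:
        return False


# Constructed sample streams (assumptions): plain data, an allowlisted class,
# and a harmless class that is simply not on the list.
SAMPLE_PLAIN = pickle.dumps({"ids": [1, 2, 3]})
SAMPLE_ALLOWED = pickle.dumps(collections.OrderedDict(a=1))
SAMPLE_FORBIDDEN = pickle.dumps(datetime.date(2024, 1, 1))

if __name__ == "__main__":
    print(restricted_loads(SAMPLE_PLAIN))     # {'ids': [1, 2, 3]}
    print(restricted_loads(SAMPLE_ALLOWED))   # OrderedDict([('a', 1)])
    # datetime.date is benign, but it is not allowlisted, so it is refused; the
    # same rule stops a stream that names any callable the code never meant to run.
    print(is_loadable(SAMPLE_FORBIDDEN))      # False
```

The allowlist is deliberately tiny: the safety of the approach comes from listing only what the application itself serialises, never from trying to enumerate what is dangerous.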
A9: Using Components with Known Vulnerabilities
• Integrating third-party components with known vulnerabilities can provide attackers with a direct path to exploit weaknesses.
A10: Insufficient Logging and Monitoring
• Inadequate logging and monitoring make it difficult to detect and respond to security incidents promptly, hindering incident response efforts.
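An added example (written for this page, not from the slides or from OWASP) of what adequate logging and monitoring look like in practice for A10: structured authentication events, a parser that tolerates malformed lines, and a detection that counts failed logins per source address so that attempts spread across many accounts still surface. The log lines are constructed and the addresses come from the RFC 5737 documentation ranges:

```python
import collections
import json

# Constructed audit log (assumption): one JSON object per line, as an
# application would emit per authentication attempt. Note what is NOT here:
# no password, no session token, only the fields an investigation needs.
LOG_LINES = """\
{"ts": "2024-05-01T10:00:01Z", "event": "auth", "outcome": "failure", "user": "alice", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:02Z", "event": "auth", "outcome": "failure", "user": "bob", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:02Z", "event": "auth", "outcome": "failure", "user": "carol", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:03Z", "event": "auth", "outcome": "failure", "user": "dave", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:04Z", "event": "auth", "outcome": "failure", "user": "erin", "src": "203.0.113.7"}
{"ts": "2024-05-01T10:00:09Z", "event": "auth", "outcome": "failure", "user": "alice", "src": "198.51.100.2"}
{"ts": "2024-05-01T10:00:12Z", "event": "auth", "outcome": "success", "user": "alice", "src": "198.51.100.2"}
{"ts": "2024-05-01T10:00:15Z", "event": "page", "path": "/home", "user": "alice", "src": "198.51.100.2"}
this line is corrupt and must not abort the review
"""


def parse_log(text):
    # Structured logs parse unambiguously; a single bad line is skipped, not fatal.
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def failed_logins_by_source(records):
    return collections.Counter(
        r["src"] for r in records
        if r.get("event") == "auth" and r.get("outcome") == "failure"
    )


def flag_sources(records, threshold):
    """Sources whose failed-login count reaches the threshold. Counting per
    source rather than per account is what makes one-attempt-per-user
    password spraying visible even though no single account ever locks."""
    counts = failed_logins_by_source(records)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_log(LOG_LINES)
    print(failed_logins_by_source(recs))    # Counter({'203.0.113.7': 5, '198.51.100.2': 1})
    print(flag_sources(recs, threshold=5))  # ['203.0.113.7']
```

The same records support the response side of the slide's point: once a source is flagged, the user and timestamp fields say which accounts were tried and when, which is exactly what an incident responder needs and what an unstructured "login failed" line does not give.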