The OWASP Top 10 Threats Haven’t Changed in 2021 — But Defenses Have


The more things change, the more they stay the same. Despite a changing threat landscape and threat actors who keep upping their game, the vulnerabilities behind the threats remain consistent. The OWASP Top 10, published by the Open Web Application Security Project, lists the ten most critical security risks to web applications.


The OWASP Top 10 is published only once every few years. There is currently no 2021 edition, but one will probably be released this year, and the report's authors don't expect the list to change much, if at all, from the current rankings.


If you can address the majority of the OWASP Top 10 in your applications, your security posture should be in good shape. So, what is the current top 10, and how can you defend against each entry?


OWASP A1:2017 – Injection


You've probably heard of SQL injection, the most common injection type. It was first publicly described in 1998 and is not difficult to defend against, yet it is still common. Other injection flaws include NoSQL, OS command and LDAP injection. In a nutshell, injection happens when untrusted input is concatenated into a query or command and the interpreter treats part of that input as code rather than data. A successful attack lets the attacker read, modify or delete any data the application can reach, and in some configurations execute commands on the database server itself.
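The flaw and the fix side by side, as an added example written for this page rather than taken from the article: it uses Python's built-in sqlite3 module against a constructed in-memory users table, so it runs offline. The two payloads (an OR-based filter bypass and a UNION that reads the schema out of sqlite_master) are standard SQL injection patterns chosen for illustration, not findings against any real product.

```python
import sqlite3

# Constructed sample data for this example; not from the original article.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """The classic flaw: untrusted input pasted straight into the SQL text.

    Whatever the caller supplies becomes part of the statement, so quotes,
    OR clauses, UNIONs and comment markers are all interpreted as SQL.
    """
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """The fix: a parameterized query.

    The SQL text is fixed at development time; the value travels to the
    engine separately and is only ever treated as data, never as code.
    """
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    bypass = "' OR '1'='1"                                   # turns the WHERE into "always true"
    dump = "' UNION SELECT name, sql FROM sqlite_master --"  # appends a second query, comments out the rest
    print("normal :", lookup_vulnerable(conn, "alice"), lookup_safe(conn, "alice"))
    print("bypass :", lookup_vulnerable(conn, bypass), lookup_safe(conn, bypass))
    print("schema :", lookup_vulnerable(conn, dump), lookup_safe(conn, dump))
```

With the bypass payload the vulnerable lookup returns every row and the parameterized one returns nothing, because the whole string is compared as a literal username. The same holds for the UNION payload, which in the vulnerable path returns the CREATE TABLE statement for users. Parameterization is the first-line defense; input validation and least-privilege database accounts limit the damage where a query cannot be parameterized (table or column names, ORDER BY clauses).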


A2:2017 – Broken Authentication


When authentication controls are misconfigured or missing altogether, the likelihood of an account being breached rises sharply. If attackers can compromise your passwords, session tokens or keys, they can act as the legitimate user, and there is little limit to the damage they can inflict. Common techniques used to exploit this weakness include credential stuffing, brute-force guessing and session hijacking.
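A minimal login service that defends against the three techniques just named, as an added example written for this page rather than taken from the article. AuthService, its in-memory stores and the policy constants are hypothetical; a real deployment would persist users, failure counters and sessions in a database or cache. It hashes passwords with salted PBKDF2, compares digests in constant time, locks an account after repeated failures (a brake on brute force and credential stuffing), and issues random, server-side-invalidatable session tokens (so a hijacked token dies at logout).

```python
import hashlib
import hmac
import secrets
import time

# Policy knobs for this hypothetical service; tune them to your threat model.
MAX_FAILURES = 5              # failed logins before the account is locked
LOCKOUT_SECONDS = 15 * 60     # how long the lock lasts
PBKDF2_ITERATIONS = 100_000   # raise as far as your login latency budget allows


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class AuthService:
    """Hypothetical in-memory login service (real code would persist these in a DB/cache)."""

    def __init__(self, now=time.time):
        self.now = now        # injectable clock, so lockout expiry can be tested
        self.users = {}       # username -> (salt, digest)
        self.failures = {}    # username -> [count, locked_until]
        self.sessions = {}    # session token -> username
        # Dummy credential verified for unknown usernames, so response time does
        # not reveal whether an account exists (username enumeration).
        self._dummy = hash_password(secrets.token_hex(16))

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def is_locked(self, username):
        rec = self.failures.get(username)
        if rec is None:
            return False
        if rec[1] and self.now() >= rec[1]:
            del self.failures[username]   # lock expired: start a fresh counting window
            return False
        return self.now() < rec[1]

    def login(self, username, password):
        """Return a fresh session token on success, None on failure or lockout."""
        if self.is_locked(username):
            return None                   # refuse even a correct password while locked
        salt, stored = self.users.get(username, self._dummy)
        _, candidate = hash_password(password, salt)
        # Constant-time comparison; == would leak how many leading bytes match.
        ok = hmac.compare_digest(candidate, stored) and username in self.users
        if not ok:
            rec = self.failures.setdefault(username, [0, 0.0])
            rec[0] += 1
            if rec[0] >= MAX_FAILURES:
                rec[1] = self.now() + LOCKOUT_SECONDS
            return None
        self.failures.pop(username, None)
        # 256 random bits from the CSPRNG; never derive a token from user data or a counter.
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def session_user(self, token):
        return self.sessions.get(token)

    def logout(self, token):
        # Server-side invalidation: a stolen token stops working once the user logs out.
        self.sessions.pop(token, None)
```

Two caveats a practitioner should keep in mind. Per-account lockout lets an attacker who knows a username lock the victim out, so pair it with per-source rate limiting and, ideally, multi-factor authentication rather than relying on it alone. And the token is only as safe as its transport: send it in a cookie marked Secure and HttpOnly, and rotate it after login so a session fixed before authentication cannot be reused.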


A3:2017 – Sensitive Data Exposure


Far too many web applications and application programming in ..
