Articles about OWASP and the OWASP Top 10
Consider a user setting a password such as ‘ UNION TABLE spaceships; This may look like an SQL Injection, but it’s actually a very good password. It is fairly long, it…
Category:
OWASP
-
The OWASP CRS are more generic in nature than a commercial ruleset and cover a much larger set of applications from a broader attack surface. This means that the CRS protects…
-
What is OWASP CRS? The Open Web Application Security Project® (OWASP) is an umbrella organization with several projects under its wings. The OWASP ModSecurity Core Rule Set (shortened to CRS) is one…
-
Injection attack remains at the A1 position on the latest 2017 OWASP Top 10 list of most prevalent security threats for web-based applications. It is straightforward to exploit on systems…
-
Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization that provides unbiased, practical information to improve the security of software. Project members include a variety of security…
-
A10 – Underprotected APIs is one of two new additions to the OWASP Top 10 list of threats to web applications. The other new addition is A7 – Insufficient Attack…
-
Very few web application projects are delivered using software completely written from scratch. Rather the modern application development model relies on frameworks, modules and components from various sources that are…
-
Cross Site Request Forgery An attacker can compromise a web application that has a Cross Site Request Forgery (CSRF) vulnerability by exploiting a valid authenticated session that has been set…
-
Missing Function Level Access Control What is the vulnerability? Web applications typically only show functionality that a user has the need for and rights to use in the UI on…
-
What is Sensitive Data? There is an argument to be made for saying that all data is sensitive. Certainly, some data which might be sensitive for one person, another person…
-
Cross Site Scripting (XSS) attacks are a type of injection attack. XSS is probably the most common type of malicious attack after code injection. They are certainly the most common…
-
Broken Authentication and Session Management Securely authenticating users, managing their sessions when connected, and ensuring proper logout when the sessions end are essential activities when delivering web applications. As are…
-
Code Injection What is the vulnerability? A Code Injection occurs when untrusted data is injected or manually entered into an input sent to an application or database. The untrusted data…
Trustwave is a leading cybersecurity organization with more than 200,000 clients spread over 96 countries. As a result, they get to see and investigate many cybersecurity incidents. They also operate Trustwave…
[box type=”bio”]The final OWASP Top Ten for 2017 can be found here: [/box] The top 10 list of threats compiled and published by the Open Web Application Security Project (OWASP) have been…
What is the vulnerability? Web sites are constantly changing. Pages get published but later they are superseded by new ones that contain updated information. However many people will have the…
What is the vulnerability? An Insecure Direct Object Reference vulnerability occurs when data in an application is exposed without appropriate checks being made before the access is granted. The data…
Security Misconfiguration Modern web applications are built from many different parts. There are front end components such as a web browser, a desktop application with embedded web viewer, or increasingly…