Tuesday, 13 April 2021

OWASP Top 10 Security Risks and Vulnerabilities

OWASP Top 10 Security Risks and Vulnerabilities



Question: What Is OWASP?

Full form of OWASP is Open Web Application Security Project.
It is community which includes small and big IT companies and individual people etc, they provide us Top Vulnerabilities in IT.
Its is not an official standard, it is just a white paper that is used by many organizations, vulnerability bounty programs, and cyber security experts etc

 
Question: What are Top 10 Security Risks and Vulnerabilities?
  1. Injection :
    With use of Structured Query Language(SQL), unauthorized person try to get the data which he have not access, modify/delete the data which he have not access.

  2. Broken Authentication :
    With use of Some cookie/Sessions, unauthorized person try to login in the system

  3. Sensitive Data Exposure :
    When we use website with Http URL (unsecured data transmission), data can be read by unauthorized person/organization

  4. XML External Entities :
    Many times organization provide the XML data which is public, Attackers attack on the public data which leads to shut down the server.

  5. Broken Access Control :
    Due to In proper coding/testing, Normal user switch to Admin user by manipulating some param.

  6. Security Mis-configuration:
    Default Server configuration must be need check and update before go live.

  7. Cross site scripting (XSS):
    With use of javascript, Attackers post on malicious code and it damage the server or effect the other users

  8. Insecure Deserialization :
    When we transform the data from one format to another format, sometime data change to dramatically bad.

  9. Using component with Known vulnerabilities :
    When we use the third party component without deep analysis, It can baddly effect of server or application.

  10. Insufficient Logging and monitoring :
    We must add the proper logs to analyse in future