SlideShare une entreprise Scribd logo

Owasp Top 10 Vulnerabilities List

Télécharger en tant que PPTX, PDF
V
Vamsi K

OWASP Top 10 Vulnerabilities List - How to fix & prevent these vulnerabilities easily while developing your software application? Continue reading...

Technologie
1  sur  14
OWASP Top 10 Vulnerabilities List TECHNOL OGY INNOVATION PROCESS By YITSOL
With the online world gaining more importance with every passing day, website security needs to be one of the leading priorities for site owners everywhere. That said, there are some vulnerabilities and issues that are more important others, and it’s necessary to prioritise these over others. TECHNOL OGY INNOVATION PROCESS Now, that’s where the OWASP(Open Web Application Security Project) top 10 list of security vulnerabilities comes in, as this list includes the top things to look out for, in order to secure your website, and keep it free from threats and vulnerabilities. Let’s find out the top ten vulnerabilities or security risks here:
#1 Injection flaws: TECHNOL OGY INNOVATION PROCESS This takes place when un-trusted data is included and sent as part of a query or indeed a command. Primarily, this is done through an SQL injection, but some other types do often occur. The entry-point for this vulnerability is usually through un-sanitized user info and data – this is what makes this vulnerability a dangerous thing, and one website owners should prioritize.
#2 Authentication problems: TECHNOL OGY INNOVATION PROCESS This occurs when authentication and session management solutions are incorrectly implemented. This results in the administrative accounts being placed in the hands of unscrupulous online attackers who can then access and use credentials (passwords, session tokens, keys and usernames) for their own benefit.
#3 Sensitive data exposure: TECHNOL OGY INNOVATION PROCESS Much like the risk as detailed in the point above, this vulnerability occurs due to the compromising of user inputted info and data. This makes the users’ personal info, such as, addresses, payment details and so forth easily available to attackers. Now, while this is bad for the customers, this is also a huge worry for businesses and websites as well, as they are likely to lose users and customers for breaches of this nature.
#4 XML external entities: TECHNOL OGY INNOVATION PROCESS Simply put, this vulnerability can be described to be an injection type of attack that is executed by malicious code within Extensible Markup Language (XML) files. One of the primary ways of fixing this issue is to use a less complex data format such as JSON, wherever possible.
#5 Broken access control: TECHNOL OGY INNOVATION PROCESS Controls that determine user permission, usually referred to as access controls, can be broken as well. In this scenario, a user who does not have the necessary permissions is mistakenly allowed to access certain areas, and this could lead to disastrous consequences for the website and business.
#6 Security misconfiguration: TECHNOL OGY INNOVATION PROCESS So, while security misconfiguration problems can arise on account of code-related issues, they usually only take place because of user errors. Therefore, this vulnerability can result in much the same risks as vulnerabilities associated with permission breaches. This issue should be addressed as soon as possible, to ensure continued smooth and risk free operation of the website.
#7 Cross-site scripting (XSS): TECHNOL OGY INNOVATION PROCESS This issue occurs when the attackers take advantage of the dynamic elements of the website to then proceed to ‘hijack’ the browser and computer of the user. This threat must be kept at bay, as this is one of the basic and vital issues, as far as user trust and relationships are concerned.
#8 Insecure deserialization: TECHNOL OGY INNOVATION PROCESS Sensitive and important data can be exposed and made available to attackers when untrusted data is being serialized and deserialized. The data that can be exposed includes, API authentication tokens, caches, databases and much more. Deserialization attacks can also result in privilege escalation attacks, injection attacks, and even replay attacks.
#9 The use of components with known vulnerabilities: TECHNOL OGY INNOVATION PROCESS Many components enjoy the same privileges that the applications enjoy – these components include, libraries, frameworks, and other software modules. When the vulnerability of a particular component is exploited, this can result in a significant loss of data or even a server takeover. Therefore, the use of components with known vulnerabilities should be avoided at all costs by the website owner.
#10 Insufficient logging and monitoring: TECHNOL OGY INNOVATION PROCESS While this is not a direct vulnerability, your website can fall prey to any of the risks and threats as mentioned in the last nine points, if insufficient or no logging and monitoring is carried out by the business or website manager. What’s more, if they do not carry out the necessary amounts of logging and monitoring, you may not even be aware that your site is under attack, and this can lead to a whole host of problems.
Conclusion: TECHNOL OGY INNOVATION PROCESS We do hope you found this presentation on OWASP top 10 vulnerabilities list, useful, and we do encourage you to pay attention to these vulnerabilities and ensure that your website always remains, safe, secure and risk free.
Thank You! TECHNOL OGY INNOVATION PROCESS To know more visit: Yitsol.com

Recommandé

OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
Ishan Mathur
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New Vulnerabilities
Dilum Bandara
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
Owasp
Owasp Owasp
Owasp
penetration Tester
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017
HackerOne
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1
Telefónica
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
Nikola Milosevic
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
Shivam Porwal
 

Recommandé

OWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTranaOWASP Top 10 Vulnerabilities 2017- AppTrana
OWASP Top 10 Vulnerabilities 2017- AppTrana
Ishan Mathur
 
OWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New VulnerabilitiesOWASP Top 10 2017 - New Vulnerabilities
OWASP Top 10 2017 - New Vulnerabilities
Dilum Bandara
 
Oh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web AppsOh, WASP! Security Essentials for Web Apps
Oh, WASP! Security Essentials for Web Apps
TechWell
 
Owasp
Owasp Owasp
Owasp
penetration Tester
 
OWASP Top 10 - 2017
OWASP Top 10 - 2017OWASP Top 10 - 2017
OWASP Top 10 - 2017
HackerOne
 
OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1OWASP TOP TEN 2017 RC1
OWASP TOP TEN 2017 RC1
Telefónica
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
Nikola Milosevic
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
Shivam Porwal
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewall
davidjohnrace
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
Vishal Kumar
 
OWASP Top10 2010
OWASP Top10 2010OWASP Top10 2010
OWASP Top10 2010
Tommy Tracx Xaypanya
 
Owasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosecOwasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosec
Cyberops Infosec LLP
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
Tobias Koprowski
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfiguration
Jiri Danihelka
 
Owasp top 10 & Web vulnerabilities
Owasp top 10 & Web vulnerabilitiesOwasp top 10 & Web vulnerabilities
Owasp top 10 & Web vulnerabilities
RIZWAN HASAN
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
Muhammad Shehata
 
Owasp 2017 oveview
Owasp 2017 oveviewOwasp 2017 oveview
Owasp 2017 oveview
Shreyas N
 
OWASP TOP 10 & .NET
OWASP TOP 10 & .NETOWASP TOP 10 & .NET
OWASP TOP 10 & .NET
Daniel Krasnokucki
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
Shivam Porwal
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
ibrahimumer2
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
All Things Open
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
Preetish Panda
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfiguration
Micho Hayek
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
YasserElsnbary
 
t r
t rt r
t r
electronicmingle01
 
Ab cs of software security
Ab cs of software securityAb cs of software security
Ab cs of software security
David Klassen
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
Zakaria SMAHI
 

Contenu connexe

Tendances

OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
Nikola Milosevic
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 

Tendances (20)

Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewall
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
OWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfigurationOWASP Serbia - A6 security misconfiguration
OWASP Serbia - A6 security misconfiguration
 
Owasp top 10 security threats
Owasp top 10 security threatsOwasp top 10 security threats
Owasp top 10 security threats
 
OWASP Top10 2010
OWASP Top10 2010OWASP Top10 2010
OWASP Top10 2010
 
Owasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosecOwasp top 10 Vulnerabilities by cyberops infosec
Owasp top 10 Vulnerabilities by cyberops infosec
 
DataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPSDataMindsConnect2018_SECDEVOPS
DataMindsConnect2018_SECDEVOPS
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfiguration
 
Owasp top 10 & Web vulnerabilities
Owasp top 10 & Web vulnerabilitiesOwasp top 10 & Web vulnerabilities
Owasp top 10 & Web vulnerabilities
 
OWASP Top 10 Project
OWASP Top 10 ProjectOWASP Top 10 Project
OWASP Top 10 Project
 
Owasp 2017 oveview
Owasp 2017 oveviewOwasp 2017 oveview
Owasp 2017 oveview
 
OWASP TOP 10 & .NET
OWASP TOP 10 & .NETOWASP TOP 10 & .NET
OWASP TOP 10 & .NET
 
Owasp Top 10
Owasp Top 10Owasp Top 10
Owasp Top 10
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security RisksOWASP Top 10 - The Ten Most Critical Web Application Security Risks
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
 
Security misconfiguration
Security misconfigurationSecurity misconfiguration
Security misconfiguration
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
Owasp top 10
Owasp top 10Owasp top 10
Owasp top 10
 
t r
t rt r
t r
 

Similaire à Owasp Top 10 Vulnerabilities List

Ab cs of software security
Ab cs of software securityAb cs of software security
Ab cs of software security
David Klassen
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
Ajin Abraham
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
Octogence
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
Mike Spaulding
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
IBM Security
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
qqlan
 

Similaire à Owasp Top 10 Vulnerabilities List (20)

Ab cs of software security
Ab cs of software securityAb cs of software security
Ab cs of software security
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE OWASP Top 10 2007 for JavaEE
OWASP Top 10 2007 for JavaEE
 
According to owasp, there are eight reasons why odoo is the most secure platform
According to owasp, there are eight reasons why odoo is the most secure platformAccording to owasp, there are eight reasons why odoo is the most secure platform
According to owasp, there are eight reasons why odoo is the most secure platform
 
owasp features in secure coding techniques
owasp features in secure coding techniquesowasp features in secure coding techniques
owasp features in secure coding techniques
 
Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)Module 12 (web application vulnerabilities)
Module 12 (web application vulnerabilities)
 
OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017OWASP Mobile Security: Top 10 Risks for 2017
OWASP Mobile Security: Top 10 Risks for 2017
 
Injecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime WhitepaperInjecting Security into Web apps at Runtime Whitepaper
Injecting Security into Web apps at Runtime Whitepaper
 
Elementary-Information-Security-Practices
Elementary-Information-Security-PracticesElementary-Information-Security-Practices
Elementary-Information-Security-Practices
 
Building an AppSec Team Extended Cut
Building an AppSec Team Extended CutBuilding an AppSec Team Extended Cut
Building an AppSec Team Extended Cut
 
Mike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security ProgramMike Spaulding - Building an Application Security Program
Mike Spaulding - Building an Application Security Program
 
Research challenges and issues in web security
Research challenges and issues in web securityResearch challenges and issues in web security
Research challenges and issues in web security
 
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
ITCamp 2018 - Tobiasz Koprowski - SECDEV(OPS). How to Brace Your IT Security.
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
CEH Domain 5.pdf
CEH Domain 5.pdfCEH Domain 5.pdf
CEH Domain 5.pdf
 
Domain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application HackingDomain 5 of the CEH: Web Application Hacking
Domain 5 of the CEH: Web Application Hacking
 
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdfCisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
Cisco_eBook_ShiftLeftSecurity_2022_06_07a.pdf
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
Positive Technologies Application Inspector
Positive Technologies Application InspectorPositive Technologies Application Inspector
Positive Technologies Application Inspector
 

Dernier

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 

Dernier (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Owasp Top 10 Vulnerabilities List

  • 1. OWASP Top 10 Vulnerabilities List TECHNOL OGY INNOVATION PROCESS By YITSOL
  • 2. With the online world gaining more importance with every passing day, website security needs to be one of the leading priorities for site owners everywhere. That said, there are some vulnerabilities and issues that are more important others, and it’s necessary to prioritise these over others. TECHNOL OGY INNOVATION PROCESS Now, that’s where the OWASP(Open Web Application Security Project) top 10 list of security vulnerabilities comes in, as this list includes the top things to look out for, in order to secure your website, and keep it free from threats and vulnerabilities. Let’s find out the top ten vulnerabilities or security risks here:
  • 3. #1 Injection flaws: TECHNOL OGY INNOVATION PROCESS This takes place when un-trusted data is included and sent as part of a query or indeed a command. Primarily, this is done through an SQL injection, but some other types do often occur. The entry-point for this vulnerability is usually through un-sanitized user info and data – this is what makes this vulnerability a dangerous thing, and one website owners should prioritize.
  • 4. #2 Authentication problems: TECHNOL OGY INNOVATION PROCESS This occurs when authentication and session management solutions are incorrectly implemented. This results in the administrative accounts being placed in the hands of unscrupulous online attackers who can then access and use credentials (passwords, session tokens, keys and usernames) for their own benefit.
  • 5. #3 Sensitive data exposure: TECHNOL OGY INNOVATION PROCESS Much like the risk as detailed in the point above, this vulnerability occurs due to the compromising of user inputted info and data. This makes the users’ personal info, such as, addresses, payment details and so forth easily available to attackers. Now, while this is bad for the customers, this is also a huge worry for businesses and websites as well, as they are likely to lose users and customers for breaches of this nature.
  • 6. #4 XML external entities: TECHNOL OGY INNOVATION PROCESS Simply put, this vulnerability can be described to be an injection type of attack that is executed by malicious code within Extensible Markup Language (XML) files. One of the primary ways of fixing this issue is to use a less complex data format such as JSON, wherever possible.
  • 7. #5 Broken access control: TECHNOL OGY INNOVATION PROCESS Controls that determine user permission, usually referred to as access controls, can be broken as well. In this scenario, a user who does not have the necessary permissions is mistakenly allowed to access certain areas, and this could lead to disastrous consequences for the website and business.
  • 8. #6 Security misconfiguration: TECHNOL OGY INNOVATION PROCESS So, while security misconfiguration problems can arise on account of code-related issues, they usually only take place because of user errors. Therefore, this vulnerability can result in much the same risks as vulnerabilities associated with permission breaches. This issue should be addressed as soon as possible, to ensure continued smooth and risk free operation of the website.
  • 9. #7 Cross-site scripting (XSS): TECHNOL OGY INNOVATION PROCESS This issue occurs when the attackers take advantage of the dynamic elements of the website to then proceed to ‘hijack’ the browser and computer of the user. This threat must be kept at bay, as this is one of the basic and vital issues, as far as user trust and relationships are concerned.
  • 10. #8 Insecure deserialization: TECHNOL OGY INNOVATION PROCESS Sensitive and important data can be exposed and made available to attackers when untrusted data is being serialized and deserialized. The data that can be exposed includes, API authentication tokens, caches, databases and much more. Deserialization attacks can also result in privilege escalation attacks, injection attacks, and even replay attacks.
  • 11. #9 The use of components with known vulnerabilities: TECHNOL OGY INNOVATION PROCESS Many components enjoy the same privileges that the applications enjoy – these components include, libraries, frameworks, and other software modules. When the vulnerability of a particular component is exploited, this can result in a significant loss of data or even a server takeover. Therefore, the use of components with known vulnerabilities should be avoided at all costs by the website owner.
  • 12. #10 Insufficient logging and monitoring: TECHNOL OGY INNOVATION PROCESS While this is not a direct vulnerability, your website can fall prey to any of the risks and threats as mentioned in the last nine points, if insufficient or no logging and monitoring is carried out by the business or website manager. What’s more, if they do not carry out the necessary amounts of logging and monitoring, you may not even be aware that your site is under attack, and this can lead to a whole host of problems.
  • 13. Conclusion: TECHNOL OGY INNOVATION PROCESS We do hope you found this presentation on OWASP top 10 vulnerabilities list, useful, and we do encourage you to pay attention to these vulnerabilities and ensure that your website always remains, safe, secure and risk free.
  • 14. Thank You! TECHNOL OGY INNOVATION PROCESS To know more visit: Yitsol.com