What is OWASP?
OWASP, the Open Web Application Security Project, is an online community dedicated to web application security. The community works to identify the most critical web application security flaws. The issues OWASP reports are often easy to find and exploit, which makes them a concern for every business. These are the specific issues that vulnerability detection services like Appknox use to pinpoint areas of weakness and stop security problems before they happen.
What is the OWASP Top 10?
OWASP has many different projects under its umbrella, one of which is the Top 10 Project. The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more.
The OWASP Top 10 represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The OWASP Top 10 provides:
- A list of the 10 Most Critical Web Application Security Risks
And for each risk it provides:
- A description
- Example vulnerabilities
- Example attacks
- Guidance on how to avoid it
- References to OWASP and other related resources
The Top 10 Vulnerabilities
As of the latest update, here are the top vulnerabilities reported by OWASP, arranged in order of severity:
A1. Injection
A2. Broken Authentication and Session Management
A3. Cross Site Scripting (XSS)
A4. Insecure Direct Object References
A5. Security Misconfiguration
A6. Sensitive Data Exposure
A7. Missing Function Level Access Control
A8. Cross Site Request Forgery (CSRF)
A9. Using Components with Known Vulnerabilities
A10. Unvalidated Redirects and Forwards
Starting next week, we will be explaining each vulnerability in detail and what you can do to keep yourself protected.
So watch out for more updates on this blog. You can subscribe to the Appknox blog by entering your email address below.