OWASP 10 Vulnerabilities with Examples


OWASP Top 10 Vulnerabilities with Examples:

OWASP stands for Open Web Application Security Project (the foundation has since renamed itself the Open Worldwide Application Security Project, keeping the acronym).

It is a non-profit foundation that works to improve the security of software, and of web applications in particular.

Its best-known publication is the OWASP Top 10: a ranked awareness document listing the most critical categories of web application security risk, built from vulnerability data contributed by organisations and a survey of practitioners.

The list is not released every year. Editions have appeared in 2003, 2004, 2007, 2010, 2013, 2017 and 2021, roughly every three to four years, so the 2021 edition is the current one.

OWASP works under an open community model: anyone can take part and contribute to OWASP projects, tools and documentation.

OWASP was founded in 2001.

It has published the Top 10 since 2003.

Security auditors, and standards such as PCI DSS, refer to the OWASP Top 10 when judging whether an organisation's applications follow secure coding practice. It is an awareness document rather than a formal compliance framework, but it is one of the most important references in cyber security.

What are the OWASP Top 10 Vulnerabilities for 2021

2021 Vulnerabilities

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery (SSRF)

OWASP Top 10 Vulnerabilities for the Year 2021:

1. Broken Access Control:

Access control enforces what an authenticated user is allowed to do. When it is broken, an attacker can act outside their intended permissions: view or modify other users' accounts and data, elevate privileges, or reach administrative functions, typically by changing an object identifier or URL that the server trusts without checking ownership.

Mitigation: deny by default, enforce authorization on the server for every request (client-side checks can be bypassed), verify ownership of every record before returning it, and log and alert on access-control failures. Interactive application security testing (IAST) and manual testing help find these flaws, but they are a way of detecting the problem, not the fix.
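The following is an added example, not code from the page: an invoice lookup with the classic insecure direct object reference beside a version that enforces ownership server-side. The invoice records, the users and the admin role are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: int


# Constructed in-memory table standing in for the real database.
INVOICES = {
    1001: Invoice(1001, "alice", 250),
    1002: Invoice(1002, "bob", 90),
}


class Forbidden(Exception):
    """Raised when the caller may not see the requested object."""


def get_invoice_vulnerable(current_user: str, invoice_id: int) -> Invoice:
    """Insecure direct object reference: the id comes straight from the
    request and the only check is that the row exists, never who owns it,
    so any logged-in user reads (or edits) any other user's invoice by
    changing the number in the URL."""
    return INVOICES[invoice_id]


def get_invoice_fixed(current_user: str, invoice_id: int, roles=()) -> Invoice:
    """Deny by default and enforce ownership on the server for every
    request. `current_user` must come from the server-side session, never
    from a field the client controls."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or (invoice.owner != current_user and "admin" not in roles):
        # One error for both "not found" and "not yours", so ids cannot be
        # enumerated by telling the two responses apart.
        raise Forbidden(f"user {current_user!r} may not access invoice {invoice_id}")
    return invoice


def can_access(current_user: str, invoice_id: int, roles=()) -> bool:
    """Boolean wrapper so the decision can be checked (and logged) easily."""
    try:
        get_invoice_fixed(current_user, invoice_id, roles)
        return True
    except Forbidden:
        return False


def demo():
    # bob changes 1002 to 1001 in the URL to read alice's invoice
    leaked_owner = get_invoice_vulnerable("bob", 1001).owner
    return leaked_owner, can_access("bob", 1001), can_access("bob", 1002)


if __name__ == "__main__":
    print(demo())  # ('alice', False, True)
```

The fixed version returns the same error for a missing record and a record belonging to someone else; that small detail is what stops an attacker from walking the id space to discover which invoices exist.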

2. Cryptographic Failures:

This category (called Sensitive Data Exposure in the 2017 edition) covers failures related to cryptography that expose sensitive data: transmitting or storing data in clear text, using weak or deprecated algorithms such as MD5, SHA-1, RC4 or DES, hard-coded or badly managed keys, missing or misconfigured TLS, and passwords hashed without a salt or work factor.

Example: a database that stores social security numbers or card numbers in plaintext, so a single SQL injection or a stolen backup exposes every record. Data of this kind must be encrypted at rest with a modern cipher and, better still, not retained when it is not needed.
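An added example, not code from the page, showing the password-storage instance of this category: an unsalted MD5 digest beside a salted, iterated PBKDF2-HMAC-SHA256 hash with constant-time verification. Only the standard library is used (it has no AEAD cipher, so the encryption-at-rest case for social security numbers is not shown here; a library such as `cryptography` would supply AES-GCM for that). The passwords and the iteration count are constructed; the count follows the figure the OWASP Password Storage Cheat Sheet gives for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os

# OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256.
# A memory-hard KDF (Argon2id, scrypt) is preferable when a library is available.
ITERATIONS = 600_000


def store_password_weak(password: str) -> str:
    """Cryptographic failure: deprecated fast hash, no salt, no work factor.
    Identical passwords give identical digests and a GPU or rainbow table
    recovers them quickly."""
    return hashlib.md5(password.encode()).hexdigest()


def store_password_fixed(password: str) -> str:
    """Per-user random salt plus a slow KDF, stored as
    '<iterations>$<salt_hex>$<digest_hex>' so the work factor can be raised
    later without breaking existing records."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and iterations, then compare in
    constant time so the comparison does not leak how many bytes matched."""
    iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def demo():
    # Two users who chose the same password (constructed data).
    weak_a = store_password_weak("Summer2021!")
    weak_b = store_password_weak("Summer2021!")
    strong_a = store_password_fixed("Summer2021!")
    strong_b = store_password_fixed("Summer2021!")
    return {
        "weak_hashes_identical": weak_a == weak_b,        # True: no salt
        "strong_hashes_identical": strong_a == strong_b,  # False: per-user salt
        "verify_correct": verify_password(strong_a, "Summer2021!"),
        "verify_wrong": verify_password(strong_a, "summer2021!"),
    }


if __name__ == "__main__":
    print(demo())
```

Storing the iteration count beside the hash is what lets a later migration re-hash users on their next login with a higher work factor instead of forcing a reset.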

3. Injection:

Untrusted input reaches an interpreter as part of a command or query, so data the attacker supplies is executed as code. SQL, NoSQL, OS command, LDAP and ORM injection all fall here, and the 2021 edition merged Cross-Site Scripting (XSS) into this category.

Mitigation: keep data separate from commands by using parameterized queries (prepared statements) and safe APIs, escape output for the context it lands in, and apply positive (allowlist) input validation as an extra layer, not as the only defence.
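An added example, not from the page: a login lookup built by string concatenation beside the parameterized form, both run against an in-memory SQLite table. The table, rows and the attacker's input are constructed; passwords are compared in SQL only to keep the injection visible, real code compares a hash as in the previous section.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table; a real one would hold password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hunter2", "admin"), ("bob", "p@ss", "user")],
    )
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Untrusted input concatenated into the statement: the quote in the
    username closes the string literal and '--' comments out the rest of
    the WHERE clause, so the password is never checked."""
    query = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_fixed(conn, username: str, password: str):
    """Parameterized query: values travel separately from the statement,
    so a quote in the input is just a character inside a string."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


ATTACK_USER = "alice' --"   # constructed attacker input
ATTACK_PASS = "anything"


def demo():
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, ATTACK_USER, ATTACK_PASS),
        "fixed": login_fixed(conn, ATTACK_USER, ATTACK_PASS),
        "fixed_legit": login_fixed(conn, "bob", "p@ss"),
    }


if __name__ == "__main__":
    print(demo())
```

With the vulnerable function the attacker is logged in as the admin without knowing any password; the parameterized version looks for a user literally named `alice' --` and finds nothing.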

4. Insecure Design:

A weakness introduced by the design or architecture of the application rather than by a coding mistake; a perfect implementation of a flawed design is still vulnerable. The category was new in 2021 and calls for threat modeling, secure design patterns and reference architectures before code is written.

Example: the application was designed with no authentication or authorization in front of sensitive data. No amount of bug fixing in the code makes that data safe; the design itself has to change.

5. Security Misconfiguration:

Insecure settings anywhere in the stack: application, framework, web server, database, cloud service or container.

Example: default accounts whose username and password were never changed, unnecessary ports or services left open, directory listing enabled, verbose error pages that reveal stack traces, or cloud storage left world-readable. Harden and automate configuration so every environment is built the same way, and remove features that are not needed.

6. Vulnerable and Outdated Components:

Applications are assembled from libraries, frameworks and other components, on both client and server side, which may be out of date or carry known vulnerabilities.

Keep an inventory of every component and its version, track vulnerability advisories for them, patch or upgrade as soon as a fix is available, and remove components that are not used.

7. Identification and Authentication Failures:

If authentication and session management are implemented incorrectly, attackers can guess or brute-force passwords, replay credentials stolen elsewhere (credential stuffing), or hijack sessions through predictable or exposed session identifiers, and so take over the user's identity.

Mitigation:

Use multi-factor authentication (MFA), check new passwords against lists of known breached passwords, rate-limit failed logins, and generate session identifiers with a secure random generator, invalidating them on logout and after inactivity.
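An added example, not from the page, of the second factor itself: a time-based one-time password generator and verifier (RFC 6238 over RFC 4226 HOTP) using only the standard library. The shared secret is the RFC 4226 test-vector key, so the output can be checked against the published vectors; the drift window is an assumption.

```python
import hashlib
import hmac
import struct
import time

# RFC 4226 appendix D test secret (ASCII "12345678901234567890"), not a real key.
TEST_SECRET = b"12345678901234567890"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to 31 bits, then mod 10^digits, zero-padded."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, digits: int = 6) -> str:
    """TOTP: HOTP with the counter set to the current 30-second time step."""
    return hotp(secret, at_time // STEP_SECONDS, digits)


def verify_totp(secret: bytes, submitted: str, at_time: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to absorb
    clock drift; compare in constant time. A real server must also record
    the last accepted step and refuse a code that was already used."""
    for drift in range(-window, window + 1):
        counter = (at_time // STEP_SECONDS) + drift
        if hmac.compare_digest(hotp(secret, counter), submitted):
            return True
    return False


def current_code(secret: bytes = TEST_SECRET) -> str:
    return totp(secret, int(time.time()))


if __name__ == "__main__":
    print(hotp(TEST_SECRET, 1))        # 287082 (RFC 4226 vector)
    print(totp(TEST_SECRET, 59, 8))    # 94287082 (RFC 6238 vector)
```

The window is the trade-off to watch: each extra step on either side widens the set of codes an attacker can guess, so keep it at one step and rate-limit attempts.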

8. Software and Data Integrity Failures:

Code and infrastructure that do not protect against integrity violations: software updates pulled from untrusted sources without signature verification, dependencies taken from untrusted repositories, CI/CD pipelines that can be tampered with, and insecure deserialization, where untrusted serialized objects are decoded straight into code and give the attacker remote code execution (the 2017 Insecure Deserialization category was folded in here).
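An added example, not from the page: serialized data carries an HMAC-SHA256 tag that is verified before anything is parsed, and a tampered copy is rejected. JSON is used rather than pickle so that loading cannot execute code even if the tag check were bypassed. The signing key and the update manifest are constructed.

```python
import hashlib
import hmac
import json

# Constructed key; in production it comes from a secret store, never source code.
SIGNING_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class IntegrityError(Exception):
    """Raised when the tag does not match the payload."""


def sign(payload: bytes, key: bytes = SIGNING_KEY) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def pack(obj, key: bytes = SIGNING_KEY) -> bytes:
    """Serialize with JSON (a data-only format) and append a hex tag:
    b'<json>.<tag_hex>'. Canonical separators and sorted keys keep the
    bytes reproducible."""
    payload = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return payload + b"." + sign(payload, key).hex().encode()


def unpack(blob: bytes, key: bytes = SIGNING_KEY):
    """Verify the tag in constant time BEFORE parsing, so untrusted bytes
    never reach the deserializer unless a key holder produced them."""
    payload, sep, tag_hex = blob.rpartition(b".")
    if not sep or not hmac.compare_digest(sign(payload, key).hex().encode(), tag_hex):
        raise IntegrityError("signature mismatch: payload rejected")
    return json.loads(payload)


def is_valid(blob: bytes, key: bytes = SIGNING_KEY) -> bool:
    try:
        unpack(blob, key)
        return True
    except (IntegrityError, ValueError):
        return False


def demo():
    # Constructed update manifest carried between two services.
    manifest = {"artifact": "app-1.4.2.tar.gz", "sha256": "ab" * 32, "role": "user"}
    blob = pack(manifest)
    # Someone in the path edits the serialized bytes to escalate the role.
    tampered = blob.replace(b'"role":"user"', b'"role":"admin"')
    return is_valid(blob), is_valid(tampered), unpack(blob)["role"]


if __name__ == "__main__":
    print(demo())  # (True, False, 'user')
```

The same pattern applies to update packages: verify the signature over the whole artifact, then unpack. Verifying after parsing, or parsing with a format that can run code, defeats the check.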

9. Security Logging and Monitoring Failures:

Without adequate logging, alerting and monitoring, an application's owners cannot detect a breach, respond to it, or reconstruct afterwards what happened. Typical failures: auditable events such as logins, failed logins and high-value transactions are not logged, warnings and errors produce no clear alert, logs are not monitored for suspicious activity, and logs are kept only locally where an attacker can erase them.
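An added example, not from the page, of the kind of detection that monitoring is meant to enable: a parser for authentication log lines and a sliding-window count of failed logins per source IP that raises an alert when a threshold is crossed. The log format, the lines and the threshold are constructed; they are not from any real system.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO time> login <ok|fail> user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"login (?P<result>ok|fail) user=(?P<user>\S+) ip=(?P<ip>[\d.]+)$"
)

# Constructed sample: one source spraying five accounts in nine seconds,
# a legitimate user, and a line the parser cannot read.
SAMPLE_LOG = """\
2021-09-24T10:00:01 login fail user=alice ip=203.0.113.7
2021-09-24T10:00:03 login fail user=bob ip=203.0.113.7
2021-09-24T10:00:04 login ok user=carol ip=198.51.100.2
2021-09-24T10:00:06 login fail user=carol ip=203.0.113.7
2021-09-24T10:00:09 login fail user=dave ip=203.0.113.7
2021-09-24T10:00:10 login fail user=erin ip=203.0.113.7
2021-09-24T10:30:00 login fail user=alice ip=198.51.100.2
garbage line that does not parse
"""


def parse(line: str):
    """Return a dict for a well-formed line, None otherwise."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def detect_bruteforce(log_text: str, threshold: int = 5, window=timedelta(seconds=60)):
    """Return ({ip: time of first alert}, unparsed_line_count). Lines are
    assumed chronological. Unparseable lines are counted rather than
    silently dropped, so a broken log format is itself visible."""
    recent = defaultdict(deque)
    alerts = {}
    unparsed = 0
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            unparsed += 1
            continue
        if event["result"] != "fail":
            continue
        q = recent[event["ip"]]
        q.append(event["ts"])
        while q and event["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and event["ip"] not in alerts:
            alerts[event["ip"]] = event["ts"]
    return alerts, unparsed


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

Note that the attacker here tries a different username on every attempt (password spraying), so a per-account lockout would never fire; keying the count on the source address is what catches it. Logs that are only written to the local disk of the attacked host would let the attacker delete these lines before anyone ran such a check, which is why the category insists on shipping logs elsewhere.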

10. Server-Side Request Forgery (SSRF):

SSRF occurs when a web application fetches a remote resource from a URL supplied by the user without validating that URL.

The attacker can then make the server send requests on their behalf to destinations the attacker could not reach directly, even behind a firewall, VPN or network access control list.

Example: cloud services. A server that fetches an attacker-chosen URL can be pointed at the cloud provider's instance metadata endpoint (169.254.169.254 on AWS, Azure and GCP) and made to return the temporary credentials of the instance role, giving the attacker the server's own cloud permissions.
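An added example, not from the page: the validation a fetch endpoint should perform on a user-supplied URL before making the request. It allows only http and https, rejects credentials in the URL, rejects literal IP addresses (including the metadata address and every loopback, private and link-local range) and then requires the hostname to be on an allowlist. The allowed hostnames are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}   # constructed allowlist


class UnsafeURL(ValueError):
    """The URL must not be fetched."""


def check_fetch_url(url: str) -> str:
    """Return the URL unchanged if it passes every check, else raise."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        # file://, gopher://, dict:// and friends reach local files and services
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        # http://images.example.com@169.254.169.254/ puts the real host after '@'
        raise UnsafeURL("credentials in URL are not allowed")
    host = parts.hostname            # lower-cased, brackets stripped from IPv6
    if not host:
        raise UnsafeURL("missing host")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                    # a name, or an odd spelling such as 2130706433
    if ip is not None:
        if not ip.is_global or ip.is_link_local or ip.is_loopback or ip.is_private:
            raise UnsafeURL(f"literal IP in a forbidden range: {ip}")
        raise UnsafeURL("literal IP addresses are not allowed; use an allowlisted host")
    if host not in ALLOWED_HOSTS:    # exact match, so evil.example.com.attacker.test fails
        raise UnsafeURL(f"host not on allowlist: {host!r}")
    return url


def is_safe_url(url: str) -> bool:
    try:
        check_fetch_url(url)
        return True
    except UnsafeURL:
        return False


if __name__ == "__main__":
    for u in ("https://images.example.com/a.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://images.example.com@169.254.169.254/"):
        print(u, is_safe_url(u))
```

Two caveats the code cannot address by itself: the allowlisted name still has to resolve to a safe address at the moment of the connection (DNS rebinding), so the HTTP client should resolve the name once, check the resulting address with the same range test and connect to that address; and the client must not follow redirects automatically, or each redirect target must be re-validated, since an allowlisted host that redirects to 169.254.169.254 reopens the hole.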
