876 Views
OWASP as the name suggests would be an online community that rolls out free articles, methodologies, tools or documents in the domain of web application development. Some critical type of applications are there which is known as Owasp top 10. It goes on to outline some of the critical grey areas of a web application. Let us understand some of the common type of web application areas
- Injection flaws- an injection flaw would be in the form of OS, SQL or an LDAP injection when you are sending out an untrusted data to any network. It would trick an entrepreneur by providing unintentional commands or where they go on to access data without proper form of authentication.
- Session management and broken authentication- such an application would relate to broken authentication and session management, where an attacker would be compromising on session tokens, passwords or go on to exploit other form of implementation flaws. It is going to identify the identities to the other users.
- Broken access control- a restriction to what an authenticated user would not be enforced in a proper manner. An attacker would be able to exploit vulnerability so as to access data along with features. Examples would be in the form of sensitive files, to be modifying the data of other users or changing the access rights and so on.
- Cross site scripting- an XSS would allow to be executing script in the browser which would delete the web sites, or would be redirecting the users on to malicious sites. XSS is bound to occur when a website would allow you to solicit untrusted scripts on any web page without proper validation.
- Exposure to sensitive data- Some of the API and web applications would not be properly protect sensitive or critical data. An attacker would be in a position to modify or delete the data and mostly it tends to be in the form of credit card theft. A sensitive data is going to require some additional form of protection, which would be in the form of a strong encryption during a rest in transit. Special precautions might be vital when you are engaging with a browser.
- Lack of attack protection- They are some form of API, or applications which does not have an ability to detect, protect any form of automated or a manual attack. Such an attacker is going to cause data loss or a server acquisition with the aid of an attacker. An API or an application would be using a component with known vulnerability which would undermine the application defences and lead to multiple attacks.
A modern application is going to encompass applications like API or a client like a JavaScript in the browser or mobile applications that is going to establish connection to an API in some form of the other. With an API It is not protected and would go on to contain various forms of vulnerabilities. You can gain more information from the website.