TOP 10 OWASP and its Vulnerabilities

Kick off your bug hunting career with Bugcrowd. Bugcrowd is the largest security research community in the world, and it helps companies such as Tesla, Simple, Western Union, Spotify and many more with cybersecurity, paying anywhere from a simple thank you to $15,000.


OWASP Explained

Begin your bug hunting career at Bugcrowd.

Hey guys, welcome back to a new episode of Explained. In this episode we are going to be looking at the OWASP Top 10. This is a very important thing to know if you want to become a security researcher or ethical hacker, so let's get started. OWASP stands for Open Web Application Security Project.

It is a list of the top 10 most critical web application security risks, and for each risk it provides a description, example vulnerabilities and attacks, and guidance on how to avoid the risk. If you are someone who makes websites, the head of cybersecurity at a company, or a security researcher, then you should be aware of the OWASP Top 10.




Essentially it raises awareness of security issues in websites, and it's kind of like a checklist for deciding whether or not your website or web application is vulnerable. The current version of the OWASP Top 10 was released in 2013, with an update expected in 2016 or 2017. You may be thinking that it sounds outdated because the last update was in 2013; however, many of the security vulnerabilities in the 2013 version are still very apparent today.

The OWASP Top 10 is also totally free for personal and business use, which is awesome considering what it can potentially do to fix vulnerabilities, even ones the creators didn't know existed. OWASP has released a Mobile Top 10 risks list as well, which is also free, along with some other top 10 checklists that you can find on their website. The creator of OWASP is Dave Wichers, who is a co-founder and chief operating officer of Aspect Security, a consulting company that specializes in application security services. He was also one of the people who helped to establish the OWASP Foundation in 2004, but had been involved in OWASP since 2002. He served on the OWASP board from 2004 to 2013, has been a co-author of the OWASP Top 10, and has led the project since 2007.

David is also involved in developing a new type of application vulnerability analysis technology that uses instrumentation to detect vulnerabilities inside running web applications. This is called Contrast.

You can read his full bio using the link in the description, as he's been involved in lots of projects, conferences and much more.

So let's take a look at what the OWASP Top 10 contains. Within the document, each security threat has a number next to it.

I believe that this also serves as a threat meter, starting at 10 being the least dangerous and number one being the most severe. At number ten we have:

#10 Unvalidated redirects and forwards

Unvalidated redirects and forwards is when a web application accepts untrusted input that could cause it to redirect to a URL contained within that input. This mainly makes it possible for an attacker to launch phishing scams and steal user credentials.
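As an added illustration of the defence for this item (example code written for this page, not something from the video or from OWASP), the function below validates a user-supplied redirect target before the application issues the redirect. The allowlist of hosts is an assumption; the point is that only local paths or absolute URLs on a known host are accepted, and the scheme-relative and backslash variants that often slip past naive "starts with a slash" checks are rejected.

```python
# Added example (not from the video): validate a redirect target before using it.
from urllib.parse import urlparse

# Hypothetical allowlist of hosts the application is allowed to send users to.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def is_safe_redirect(target: str) -> bool:
    """Return True only for local paths or absolute URLs on an allowed host."""
    if not target:
        return False
    # Some browsers treat a backslash like a slash, so normalise first;
    # otherwise "/\evil.example" would look like a harmless local path.
    target = target.replace("\\", "/")
    parsed = urlparse(target)
    if parsed.scheme == "" and parsed.netloc == "":
        # Relative target: must start with exactly one slash.
        # "//host/path" is scheme-relative and would leave the site.
        return target.startswith("/") and not target.startswith("//")
    # Absolute target: require http(s) and an exact match on the allowlist.
    return parsed.scheme in ("http", "https") and parsed.netloc.lower() in ALLOWED_HOSTS


def resolve_redirect(target: str, fallback: str = "/") -> str:
    """Return the requested target if it validates, otherwise a safe fallback."""
    return target if is_safe_redirect(target) else fallback


if __name__ == "__main__":
    for candidate in ["/account", "//evil.example/login", "/\\evil.example",
                      "https://www.example.com/reset", "https://evil.example/",
                      "javascript:alert(1)"]:
        print(candidate, "->", resolve_redirect(candidate))
```

Matching `netloc` exactly (rather than using `endswith`) also rejects `www.example.com.evil.example` and `www.example.com@evil.example`, both of which are common ways of sneaking past a looser host check.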

#9 Using components with known vulnerabilities

Number nine is using components with known vulnerabilities. This is where an attacker can target things like frameworks, libraries and plugins: if the attacker has an exploit for a particular component, they can get access to the website that way.


#8 Cross-site request forgery (CSRF)

Number eight is cross-site request forgery, also known as CSRF, which I've covered before. This is how an attacker can cause users to change their password, change their username, change their email, send private messages from their account, etc., at the click of a link; it is how an attacker can get an unsuspecting user to click a link and complete a request without knowing it. I have covered this on my channel before, like I said, and I recommend that you watch it.
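The standard mitigation for CSRF is a per-session anti-forgery token that the attacker's page cannot read. The following is an added example written for this page (not code from the video) showing the token being issued, stored in a hypothetical in-memory session store, and checked on a state-changing request such as an email change; the session store and handler names are assumptions.

```python
# Added example (not from the video): per-session CSRF token issue and check.
import hmac
import secrets
from typing import Optional

# Hypothetical in-memory session store: session_id -> session data.
SESSIONS = {}


def issue_csrf_token(session_id: str) -> str:
    """Generate a random token, remember it in the session, and return it so
    the server can embed it in the form (hidden field) it renders."""
    session = SESSIONS.setdefault(session_id, {})
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def is_valid_csrf(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison of the submitted token with the session's token."""
    expected = SESSIONS.get(session_id, {}).get("csrf_token")
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def handle_change_email(session_id: str, form: dict) -> str:
    """Constructed handler for a state-changing POST: refuse the request unless
    the token that only the genuine form could carry is present and correct."""
    if not is_valid_csrf(session_id, form.get("csrf_token")):
        return "403 Forbidden: missing or invalid CSRF token"
    SESSIONS[session_id]["email"] = form["email"]
    return "200 OK: email updated"


if __name__ == "__main__":
    token = issue_csrf_token("session-abc")
    # Genuine form submission carries the token; a cross-site request cannot.
    print(handle_change_email("session-abc", {"email": "me@example.com", "csrf_token": token}))
    print(handle_change_email("session-abc", {"email": "attacker@example.com"}))
```

The request forged from another site arrives with the victim's session cookie but without the token, so the server can tell the two apart even though both carry valid credentials.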


#7 Missing function level access control

At number seven we have missing function level access control, which is where an anonymous user can access private functionality or a regular user can carry out privileged-user functionality. This is a privilege escalation of sorts, but more commonly: can regular users access URLs that are not meant for them? For example, if I browse to admin.php on a website while I'm logged in as a regular user, will I get kicked out, or will I be able to see the admin page?

#6 Sensitive data exposure

At number six we have sensitive data exposure, which is where an attacker can gain access to your sensitive data or backups of that data. This applies to both the customer side and the business side. It also has to do with the way that you handle private information such as passwords: whether or not they are hashed, and whether the hash algorithm is outdated, for example MD5.

I recently told the story of how I ended up on a website where I could browse through a folder called data, and within the data folder I could download database backups and open them. They contained usernames and passwords, which of course were in plain text, as well as clients who had purchased from the website, including their full address, email address, full name, phone number and much more. This is an uncommon threat, however, but it is labeled as severe.

#5 Security misconfiguration

At number five we have security misconfiguration, which has to do with software being out of date, such as plugins, content management systems, database management systems, etc., as well as unnecessary features being installed or enabled, which could expose a potential weakness. This is a common security weakness that is easy to detect, which is why keeping your software up to date and disabling any services that are not used is important.


#4 Insecure direct object references

At number four we have insecure direct object references. This is about the types of system data that are accessible by users and whether or not they have permission to see them. For example, if a user logs into your web application and the URL changes to usercp.php?id=4, 4 being their ID number, and they change that to a 1 so that it says usercp.php?id=1, can they see the data on that page for ID number 1? If they can, that's a security risk.
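Items seven and four are both fixed the same way: the server decides what a request may see from the session, never from the URL. The example below is added for this page (Python rather than the PHP pages the video names, and not code from the video): a constructed user table, a `usercp.php?id=N`-style profile handler that ignores the id in the URL unless the session owns it or has the admin role, and an `admin.php`-style handler that enforces the role on every request. The table contents, role names and handler names are all assumptions.

```python
# Added example (not from the video): object-level and function-level access
# control enforced from the session rather than from the request.
from typing import Optional

# Constructed user table: id -> record. "role" drives function-level checks.
USERS = {
    1: {"name": "admin", "role": "admin", "email": "admin@example.com"},
    4: {"name": "alice", "role": "user", "email": "alice@example.com"},
    7: {"name": "bob", "role": "user", "email": "bob@example.com"},
}


class Forbidden(Exception):
    """Raised when the caller's session does not permit the requested action."""


def view_profile(session_user_id: Optional[int], requested_id: int) -> dict:
    """usercp.php?id=N style handler. The id in the URL is only a hint; the
    session user's identity and role decide whether it may be shown."""
    requester = USERS.get(session_user_id)
    if requester is None:
        raise Forbidden("not logged in")
    # Insecure direct object reference check: owner or admin only.
    if requested_id != session_user_id and requester["role"] != "admin":
        raise Forbidden("cannot view another user's profile")
    if requested_id not in USERS:
        raise KeyError(requested_id)
    return USERS[requested_id]


def admin_panel(session_user_id: Optional[int]) -> str:
    """admin.php style handler: hiding the link is not enough, the role must be
    checked server-side on every request to the function itself."""
    user = USERS.get(session_user_id)
    if user is None or user["role"] != "admin":
        raise Forbidden("admin role required")
    return "admin panel for " + user["name"]


if __name__ == "__main__":
    print(view_profile(4, 4)["name"])           # alice sees her own profile
    try:
        view_profile(4, 1)                      # alice changes id=4 to id=1
    except Forbidden as exc:
        print("blocked:", exc)
    try:
        admin_panel(4)                          # regular user browses to admin.php
    except Forbidden as exc:
        print("blocked:", exc)
```

Note that the lookup of `requested_id` happens only after the authorisation decision, so a regular user cannot even learn which ids exist by watching for a "not found" versus "forbidden" difference.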


#3 Cross-Site Scripting

At number three we have cross-site scripting, or XSS. I've also covered this on my channel, but essentially this is being able to run JavaScript on the website: for example, making pop-up boxes appear, a cookie stealer, or, in the case of the famous MySpace worm, a self-replicating worm that spreads across the website. Like I said before, I've covered this a lot, so feel free to check it out.
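The defence against stored and reflected XSS is to encode untrusted data for the context it is written into. As an added example for this page (not code from the video), the renderer below builds a comment fragment and escapes the author name for an attribute context and the body for element text, so a submitted `<script>` tag becomes inert text rather than executable markup. The markup layout is an assumption.

```python
# Added example (not from the video): output encoding of untrusted values
# before they are placed into HTML.
import html


def render_comment(author: str, body: str) -> str:
    """Build an HTML fragment for a user comment. Every untrusted value is
    escaped for the context it lands in: the author name goes into a quoted
    attribute, the body goes into element text."""
    safe_author = html.escape(author, quote=True)   # & < > " ' encoded
    safe_body = html.escape(body, quote=True)
    return '<div class="comment" data-author="%s"><p>%s</p></div>' % (safe_author, safe_body)


def contains_active_markup(fragment: str) -> bool:
    """Crude sanity check used in the demo: does the rendered fragment still
    contain a raw tag or an unescaped quote that could close the attribute?"""
    return "<script" in fragment.lower() or 'onmouseover="' in fragment


if __name__ == "__main__":
    # Constructed inputs of the "make a pop-up appear" kind the video mentions.
    out = render_comment('x" onmouseover="alert(1)', "<script>alert(1)</script>")
    print(out)
    print("active markup present:", contains_active_markup(out))
```

Escaping is context-specific: the same value dropped into a JavaScript string, a URL, or a CSS value needs a different encoder, which is why templating engines that auto-escape per context are preferable to hand-rolled string formatting in real applications.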


#2 Broken authentication and session management

At number two we have broken authentication and session management. This refers to a lot of things, such as passwords not being stored hashed, session IDs being stored in the URL, session IDs not timing out, credentials being easily bypassed through account management functions such as forgot password, or even passwords and session IDs being sent over an insecure connection such as HTTP.



#1 Injection

And finally, at number one we have injection. This is the most common and severe attack and has to do with SQL injection: the art of being able to inject SQL code into a website and retrieve data from the database, such as username and password credentials. It can also be used to outright bypass login forms. I've covered this a lot on my channel too, and I recommend that you check it out.
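The login-bypass the video mentions exists only when user input is spliced into the SQL text. As an added example for this page (not code from the video), the two functions below query the same in-memory SQLite table: the first builds the statement by string formatting, so a quote character in the input changes the query's structure; the second passes the values as bound parameters, so the database never parses them as SQL. The table, its single row and the function names are all constructed for the demonstration.

```python
# Added example (not from the video): the vulnerable and the parameterised form
# of the same login query, side by side.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed database with one user; the password column holds a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alices-password')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """String concatenation: the inputs become part of the SQL grammar."""
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password_hash = '%s'"
             % (username, password_hash))
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    """Bound parameters: the inputs are only ever compared as values."""
    query = "SELECT 1 FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, password_hash)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    # Normal use behaves the same either way.
    print(login_vulnerable(conn, "alice", "hash-of-alices-password"),
          login_safe(conn, "alice", "hash-of-alices-password"))
    # The textbook tautology in the password field: the concatenated query
    # becomes ... AND password_hash = '' OR '1'='1', which is always true.
    tautology = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(conn, "alice", tautology))
    print("safe:      ", login_safe(conn, "alice", tautology))
```

A detection-side note: the vulnerable form also means that a single stray apostrophe in a legitimate username raises a database syntax error, so a spike in SQL syntax errors in application logs is often the first sign that a form is being probed.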


So that is what the OWASP Top 10 is. It's really important to know when it comes to checking web applications for vulnerabilities, as not all companies and people who design web applications check the things they make against this checklist.

It's free, so there's no reason why you shouldn't use it. I have left relevant links in the description below, including links to all the different security threats that I've mentioned, but that's it for this episode of Explained. I hope you enjoyed it as much as I enjoyed making it. If you haven't already, give the video a like and share it with people you think will also enjoy it; also subscribe to my channel if you haven't already. I try to upload four videos a week, so you'll have plenty of stuff to watch. Finally, follow me on Twitter at Jack157, like my Facebook page Jack Tutorials, and also follow me on Twitch, that is Jack157. Until next time guys, I will see you again in the next one.