Chapter 10. Mitigation of OWASP Top 10

In this chapter, we will cover:

  • A1 – Preventing injection attacks
  • A2 – Building proper authentication and session management
  • A3 – Preventing cross-site scripting
  • A4 – Preventing Insecure Direct Object References
  • A5 – Basic security configuration guide
  • A6 – Protecting sensitive data
  • A7 – Ensuring function level access control
  • A8 – Preventing CSRF
  • A9 – Where to look for known vulnerabilities on third-party components
  • A10 – Redirect validation

Introduction

The goal of every penetration test is to identify the weak spots in applications, servers, or networks: weak spots that could give an attacker the opportunity to obtain sensitive information or privileged access. The reason for detecting such vulnerabilities is not only to know that they exist and to calculate the risk attached to them, but also to mitigate them, or at least to reduce their impact to a minimum.

In this chapter, we will see examples and recommendations on how to mitigate the most critical web application vulnerabilities, as ranked by OWASP (the Open Web Application Security Project) in its Top 10 project (the A1 to A10 numbering used in the recipe list above follows the 2013 edition):

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
