OWASP Top 10

The Open Web Application Security Project (OWASP) Top 10 lists the ten most important security risks in web applications, and is published and updated every three years by the OWASP organization. We need to follow the OWASP checklist in order to ensure that our web applications aren't leaving security holes open. The list can be found at https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf.

The latest checklist published in 2017 includes the following aspects:

  • A1: Injection
  • A2: Broken authentication and session management
  • A3: Cross-site scripting (XSS)
  • A4: Insecure direct object references
  • A5: Security misconfiguration
  • A6: Sensitive data exposure
  • A7: Missing function level access control
  • A8: Cross-site request forgery (CSRF)
  • A9: Using components with known vulnerabilities
  • A10: Unvalidated redirects and forwards

To test and verify several of these vulnerabilities, we can use the Burp suite (https://portswigger.net/burp). The process is easy to understand, and it checks the application for most of the known security holes. Burp ships with the Kali Linux distribution, which we will explain in the following section.
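Before handing an application to a scanner, it helps to recognise what two of the listed risks look like in code. The following is an added example, not code from the book, showing A1 (injection) and A10 (unvalidated redirects) as a vulnerable function beside its hardened form. It uses an in-memory SQLite database with constructed sample rows; the function names, the `app.example` host and the sample inputs are assumptions for illustration.

```python
"""A1 Injection and A10 Unvalidated redirects, vulnerable form beside the fix.
Added example (not from the book); runs offline on an in-memory SQLite database."""
import sqlite3
from urllib.parse import urlparse


def make_db():
    """Constructed sample data: a small users table in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """A1: the query is built by string concatenation, so whatever the caller
    passes as `name` is parsed by SQLite as SQL syntax, not as a value."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """A1 fix: a parameterized query. The driver binds `name` as data, so a
    quote or keyword inside it can never change the statement's structure."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def is_safe_redirect(target, request_host, allowed_hosts=()):
    """A10 fix: accept only same-site relative paths or absolute http(s) URLs
    whose host is the serving host or on an explicit allowlist."""
    # Browsers normalise backslashes to slashes, so "/\\evil.example" would leave the site.
    if "\\" in target:
        return False
    parsed = urlparse(target)
    # Anything with a non-http(s) scheme (javascript:, data:, ...) is rejected.
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False
    if not parsed.netloc:
        # Relative path: must start with a single "/". urlparse already turns
        # protocol-relative "//host/x" into a netloc, so it never reaches here.
        return target.startswith("/") and not target.startswith("//")
    return parsed.netloc in set(allowed_hosts) | {request_host}


def safe_redirect_target(target, request_host, allowed_hosts=(), fallback="/"):
    """Return `target` if it passes the check above, otherwise a local fallback.
    This is what a login handler should use instead of redirecting blindly."""
    return target if is_safe_redirect(target, request_host, allowed_hosts) else fallback


if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"  # constructed input: a quote followed by an always-true clause
    print("vulnerable:", find_user_vulnerable(db, probe))  # every row comes back
    print("safe:      ", find_user_safe(db, probe))        # no user has that literal name
    for t in ("/account", "//evil.example/x", "https://app.example/home", "https://evil.example/"):
        print(t, "->", safe_redirect_target(t, "app.example"))
```

The two halves illustrate the same principle: user input must reach the interpreter (SQL engine, browser) as data, never as structure. Burp will flag both patterns, but reviewing for concatenated queries and unchecked `next`/`returnUrl` parameters is faster than waiting for a scan.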
