OWASP TOP 10 VULNERABILITIES EXPLAINED 2021 EDITION.
What Is Owasp Top 10?
WHAT IS OWASP RISK RATING METHODOLOGY?
OWASP TOP 10 VULNERABILITIES OF 2021 ARE :
2. BROKEN AUTHENTICATION
3. SENSITIVE DATA EXPOSURE
4. XML XTERNAL ENTITIES (XXE)
5. BROKEN ACCESS CONTROL
6. SECURITY MISCONFIGURATION
7. CROSS-SITE SCRIPTING (XSS)
8. INSECURE DESERIALIZATION
9. USING COMPONENTS WITH KNOWN VULNERABILITIES
10. INSUFFICIENT LOGGING AND MONITORING
All data, as a rule, is stored in a special database, the calls to which are built in a form of queries, most often written in a Structured Query Language - SQL. Applications use SQL queries to receive, add, change and remove data. This is a very insecure weakness that can give the access an intruder to the database, as well as the ability to see, modify or delete data that is not intended for him. In such a way, an attacker can turn someone else's account balance together with the first and last name or steal someone's data.
The weakness is an aftermath of insufficient validation of user data, so that allows an intruder to put into web forms specially prepared requests that "trick" the app and allow reading or writing illegitimate data.
Perhaps the most common example of this security vulnerability is the SQL Query you can view one of the OWASP examples below:
String query = “SELECT * FROM accounts WHERE custID = ‘” + request.getParameter(“id”) + “‘”;
A broken authentication vulnerability can allow an attacker to use manual and/or automatic methods to try to gain control over any account they want in a system – or even worse – to gain complete control over the system.
Websites with broken authentication vulnerabilities are very common on the web. Broken authentication usually refers to logic issues that occur on the application authentication’s mechanism, like bad session management prone to username enumeration – when a malicious actor uses brute-force techniques to either guess or confirm valid users in a system.
To minimize broken authentication risks avoid leaving the login page for admins publicly accessible to all visitors of the website:
• /administrator on Joomla!,
•/wp-admin/ on WordPress,
•/index.php/admin on Magento,
•/user/login on Drupal.
The second most common form of this flaw is allowing users to Brute Force username/password combination against those pages.
"SENSITIVE DATA EXPOSURE"
"XML XTERNAL ENTITIES (XXE)"
"BROKEN ACCESS CONTROL"
The essence of this OWASP TOP 10 Vulnerability, as the name suggests, is the lack of verification of proper access to the requested object. Most web applications check permissions before displaying data in the user interface. However, applications must perform the same access control checks on the server when requesting any function. After all, there are many auxiliary services requests, which are often sent 📤 asynchronously in the background using AJAX Technology. If the requested parameters are not carefully validated, attackers could spoof the request to access data without any permission.
Read more about this topic from here: Broken Access Control
It is estimated that up to 95% of cloud breaches are the result of human errors and this fact leads us to the next vulnerability called security misconfiguration. This vulnerability refers to the improper implementation of security intended to keep application data safe. As we know the developer’s work is basically to work on the functionality of websites and not on security and this flaw allows hackers to keep track of the configuration of the security and find new possible ways to enter websites. The most common reason for this vulnerability is not patching or upgrading systems, frameworks, and components.
"CROSS-SITE SCRIPTING (XSS)"
Cross-site scripting is a type of security vulnerability typically found in web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. >
This attack can be prevented by using appropriate response headers, filtering the input and encoding the output, using the content security policy, applying a zero-trust approach to user input. The most common payload for XSS Attack is :
Insecure Deserialization vulnerability allows an attacker to remotely execute code in the application, tamper or delete serialized (written to disk) objects, conduct injection attacks, replay attacks, and elevate privileges. This attack is also known as untrusted Deserialization. It is a serious application security issue that affects most of the modern systems.
"USING COMPONENTS WITH KNOWN VULNERABILITIES"
Known vulnerabilities are vulnerabilities that were discovered in open source components and published in the NVD (National Vulnerability Database), security advisories and issue trackers. From the moment of publication, a vulnerability can be exploited by hackers who find the documentation. According to OWASP, the problem of using components with known vulnerabilities is highly prevalent. Moreover, the use of open source components is so widespread that many development leaders don't even know what they have. The possible impact of open source vulnerabilities ranges from minor to some of the largest breaches known.
"INSUFFICIENT LOGGING AND MONITORING"
Insufficient logging and monitoring vulnerability occur when the security-critical event is not logged off properly, and the system is not monitored. Lack of such functionalities can make malicious activities harder to detect and in turn affects the incident handling process.
Log monitoring is considered important for several reasons. One of the reasons includes Log monitoring can prevent downtime on your sites and servers. Log management tools analyze logs and find problems within them, allowing your site reliability engineers to spend more time solving problems and less time searching for them or responding in emergencies. Log monitoring can save your company valuable time and money.
That's all, hope you guys like this information.
ALSO READ :
Thank You !!