First, let's start with what OWASP is. The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.
The OWASP Top 10 Web Application Security Risks list was updated in 2017 to give developers, security professionals and the general public guidance on the most critical vulnerabilities commonly found in web applications today, which can easily be exploited. These 10 application risks are dangerous because they may allow attackers to plant malware, steal data, or completely take over your computers, web servers or mobile devices.
Most security professionals in the industry adhere to OWASP standards; meeting these compliance standards is the first step toward a more secure environment.
Web application attacks are now the most frequent pattern in confirmed breaches, according to the 2018 Verizon Data Breach Investigations Report. Many organizations struggle to implement an application security model because they simply don't know or don't understand where to start. A great way to start is by setting security policies based on discovering, reporting and remediating the OWASP Top 10 vulnerabilities; these policies will decrease your risk of a breach.
- Injection:
Attackers inject malicious code into your system.
- Broken Authentication:
Poorly configured sessions and cookies that can be stolen.
- Sensitive Data Exposure:
Poorly protected sensitive data in applications and APIs, such as patient information.
- XML External Entity:
Poorly configured XML processing that can be used to disclose internal files.
- Broken Access Control:
Improperly configured or missing restrictions that can allow unauthorized access.
- Security Misconfiguration:
Poor security configuration, such as weak password policies or systems that are not patched or upgraded.
- Cross-Site Scripting:
Inserting malicious scripts into your apps, for example to redirect users to malicious websites.
- Insecure Deserialization:
Serialization is the process of converting an object into raw data (bytes); the reverse process is called deserialization. Deserializing untrusted data lets an attacker abuse the application's logic.
- Using Components with Known Vulnerabilities:
Using open-source or third-party components, or outdated systems, that have known vulnerabilities.
- Insufficient Logging & Monitoring:
Poorly managed logs and ineffective integration with security incident response.
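The insecure deserialization item above is the one category in this list that describes a mechanism, so here is an added Python example (not code from the original post) contrasting a loader that trusts serialized bytes with one that allowlists what may be reconstructed. The Profile class, the sample blobs and the function names are constructed for illustration.

```python
import datetime
import io
import pickle

class Profile:
    """Constructed sample object exchanged between two services."""
    def __init__(self, name, role):
        self.name = name
        self.role = role

def load_profile_insecure(blob):
    """Vulnerable pattern: pickle.loads rebuilds whatever the bytes describe, so a
    client-supplied blob can name any importable class or callable, not just Profile."""
    return pickle.loads(blob)

class RestrictedUnpickler(pickle.Unpickler):
    """Hardened loader: every global reference in the stream goes through find_class,
    so anything not on the allowlist is refused before it is imported (the approach
    the Python pickle docs recommend when pickle cannot be avoided)."""
    ALLOWED = {(Profile.__module__, "Profile"): Profile}

    def find_class(self, module, name):
        try:
            return self.ALLOWED[(module, name)]
        except KeyError:
            raise pickle.UnpicklingError(f"refusing {module}.{name}: not allowlisted") from None

def load_profile_restricted(blob):
    obj = RestrictedUnpickler(io.BytesIO(blob)).load()
    if not isinstance(obj, Profile):
        raise pickle.UnpicklingError("payload is not a Profile")
    return obj

def demo():
    """Returns (restricted loader accepts a Profile, restricted loader rejects a
    foreign class, insecure loader accepts that same foreign class)."""
    good = pickle.dumps(Profile("alice", "user"))
    # Constructed stand-in for a tampered blob: it merely names a class the
    # application never expected (datetime.date); it carries no harmful behaviour.
    foreign = pickle.dumps(datetime.date(2017, 11, 20))
    accepted = load_profile_restricted(good).role == "user"
    try:
        load_profile_restricted(foreign)
        rejected = False
    except pickle.UnpicklingError:
        rejected = True
    insecure_accepted = isinstance(load_profile_insecure(foreign), datetime.date)
    return accepted, rejected, insecure_accepted
```

Where the data format is under your control, a plain format such as JSON with explicit field validation avoids the problem entirely; the allowlist above is the fallback when a native serialization format cannot be replaced.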