Close Menu
Read Us 24×7
    What's Hot
    New Exciting Games Coming To Nintendo Switch

    10 New Exciting Games Coming To Nintendo Switch In December 2023

    December 2, 2023
    Lenovo Legion Go Review

    Lenovo Legion Go Review: The Future of Handheld Gaming

    December 2, 2023
    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

    December 2, 2023
    Facebook X (Twitter) Instagram Pinterest LinkedIn
    Trending
    • 10 New Exciting Games Coming To Nintendo Switch In December 2023
    • Lenovo Legion Go Review: The Future of Handheld Gaming
    • Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability
    • Evernote Drops Bombshell on Free Users – 50 Notes, One Notebook Limit!
    • Critical Security Exploit! Update Your Chrome Browser Now to Protect Your Data
    • Claude AI vs ChatGPT: Who Will Win the AI Chatbot War?
    • 5 Personalised Gift Ideas for Loved Ones This Christmas
    • Windows 11 Trials Energy Saver Mode For Both Laptops And Desktop PCs
    Facebook X (Twitter) Instagram Pinterest LinkedIn
    Read Us 24×7
    • Home
    • Technology
      Lenovo Legion Go Review

      Lenovo Legion Go Review: The Future of Handheld Gaming

      December 2, 2023
      Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

      Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

      December 2, 2023
      Evernote Drops Bombshell on Free Users

      Evernote Drops Bombshell on Free Users – 50 Notes, One Notebook Limit!

      December 2, 2023
      Update Your Chrome Browser Now to Protect Your Data

      Critical Security Exploit! Update Your Chrome Browser Now to Protect Your Data

      December 2, 2023
      Claude AI vs ChatGPT

      Claude AI vs ChatGPT: Who Will Win the AI Chatbot War?

      December 2, 2023
    • Business
      Loans

      Bridging Gaps: How Loans Provide Instant Financial Relief

      November 29, 2023
      Staffing Agencies in San Antonio

      Finding the Perfect Fit: Staffing Agencies in San Antonio

      November 27, 2023
      Will There Be A Recession In 2024

      Will There Be A Recession In 2024? (The Shocking Truth)

      November 24, 2023
      Financial Twists

      Money Matters: Responding Effectively to Short-Term Financial Twists

      November 24, 2023
      Forex markets

      Global Odyssey: Navigating Forex Markets Across the World

      November 18, 2023
    • Entertainment
      Home and Away spoilers

      Home and Away Twist: Spoilers Drop Shocking Clues About Remi’s Future

      November 29, 2023
      Strongest Characters In Jujutsu Kaisen Anime

      11 Strongest Characters In Jujutsu Kaisen Anime (Till Now)

      November 24, 2023
      Toji Fushiguro vs Gojo

      Toji Fushiguro vs Gojo: Was Toji Fushiguro Killed By Gojo?

      November 24, 2023
      Sukuna Vs Rika

      Sukuna Vs Rika: Is Sukuna Stronger Than Rika?

      November 24, 2023
      Satoru Gojo Vs Geto Suguru

      Satoru Gojo Vs Geto Suguru: Who Would Win In Jujutsu Kaisen?

      November 24, 2023
    • Lifestyle
    • Travel
    • Tech Q&A
    Read Us 24×7
    Home » OWASP Top 10 Web Application Security Vulnerabilities in 2023
    Technology

    OWASP Top 10 Web Application Security Vulnerabilities in 2023

    Sayan DuttaBy Sayan DuttaAugust 26, 2023Updated:September 13, 20236 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Reddit Email WhatsApp
    OWASP Top 10
    Share
    Facebook Twitter LinkedIn Pinterest Email Reddit WhatsApp

    It is important to keep up with the most critical security issues and vulnerabilities when running a web site. In reality, all web applications are susceptible to anything. Knowing which vulnerabilities are the most exploited and how risk management will enable you to protect your web application.

    What is OWASP?

    An international, not-for-profit organization dedicated to web application protection is the Open Web Application Security Project or OWASP. An online community that publishes web application security researches. One of the fundamental concepts of OWASP is that their resources are freely available on their websites so that anyone can enhance their protection on their own web applications.

    What is the OWASP Top 10?

    The OWASP considers the top 10 a ‘list of importance,’ and suggests that all organizations use the report in their processes to reduce security risks. OWASP Top 10 is the list of the 10 most common application vulnerabilities.

    Top 10 OWASP Vulnerabilities in 2020 are:

    1. Injection

    The attacker sends invalid data through input or some other data submission to the website client, this is when the code injection takes place.

    Check out: SQL injection cheat sheet

    One Most common example around this security vulnerability is the SQL query consuming untrusted data. You can see one of OWASP’s examples below:

    String query = “SELECT * FROM accounts WHERE custID = ‘” + request.getParameter(“id”) + “‘”;

    By calling up the web page executing it can be exploited easily.

    http://example.com/app/accountView?id=’ or ‘1’=’1

    causing the return of all the rows stored on the database table.

    Validation and/or sanitization of data submitted by users will avoid injection attacks. (Validation means the denial of questionable data while sanitizing the cleanup of suspicious data bits)

    2. Broken Authentication

    Authentication (login) system vulnerabilities allow attackers to access user accounts and even to access an entire system with administrative rights. Websites with vulnerabilities to broken authentication are very common on the Internet.

    Avoid making the login page for administrations open to all users of the website to reduce broken authentication risks:

    • /administrator on Joomla!,
    • /wp-admin/ on WordPress,
    • /index.php/admin on Magento,
    • /user/login on Drupal.

    In certain cases, two-way authentication (2FA) and repeated attempts to login are required to mitigate authentication vulnerabilities.

    3. Sensitive Data Exposure

    If web applications don’t protect sensitive data such as

    • Credentials
    • Credit card numbers
    • Social Security Numbers
    • Medical information
    • Personally identifiable information (PII)
    • Other personal information

    Attackers may access and use it for that data for adverse purposes. The risk of data leakage can be reduced if all sensitive data are encrypted and caching(Caching is the process of re-use data temporarily) sensitive information is disabled. 

    4. XML External Entities (XEE)

    It’s an attack on an XML input web program. Such knowledge may apply to an external party that tries to take advantage of a flaw in the parser. This arises when a weakly designed XML parser processes XML input containing a reference to an external entity.

    XEE Attack Vectors

    • Vulnerable XML Processors
    • Vulnerable code
    • Vulnerable dependencies
    • Vulnerable integrations

    Websites that support a less complicated data form such as JSON, or at least patch XML parsers and disable the use of external entities within an application XML, are the best ways to avoid XEE attacks.

    5. Broken Access Control

    In the protection of the website, access control means restricting the parts or pages that visitors can enter in compliance with their requirements. Controls for broken access allow attackers to bypass permissions and perform tasks as privileged users, such as administrators.

    Examples of Broken Access Control

    Here are some examples of what we consider to be “access”:

    • Access to a hosting control / administrative panel
    • Access to a server via FTP / SFTP / SSH
    • Access to a website’s administrative panel
    • Access to other applications on your server
    • Access to a database

    Attackers can exploit authorization flaws to the following:

    • Access unauthorized functionality and/or data
    • View sensitive files
    • Change access rights

    Access controls can be protected by the use and strict monitoring of authorisation tokens * by a web application.

    6. Security Misconfiguration

    The most common security flaw in the list is security misconfiguration and is mostly the product of default configurations. Today’s CMS systems can be daunting from a security point of view. The most common attacks are by far fully automated. Many of those attacks are based on the default configuration of users.

    Most Commons are:

    • Unpatched Flaws
    • Default configurations
    • Unused pages
    • Unprotected files and directories
    • Unnecessary services

    It can be minimized by eliminating redundant application features and ensuring error messages are more general.

    7. Cross-Site Scripting (XSS)

    Cross-Site Scripting (XSS), which affects many web-based applications, is a commonly used vulnerability. XSS attacks include the implementation of malicious client scripts on the website as a propagation tool. The dangers of XSS are that they allow an attacker to insert code into a website and change the display, forcing the browser of a victim to execute the code that the attacker gives when loading the website.

    Cross-site scripting can be eliminated by escaping untrusted HTTP requests and validating and/or content created by users. Using modern web development frameworks such as ReactJS and Ruby on Rails, you can also secure cross-site scripting.

    Check Also: Magento SEO Tips to Get Organic Traffic

    8. Insecure Deserialization

    Serialization involves taking and transforming objects from the Computer Code into a format that can be used for a particular purpose, like storing or streaming data on a disk. Deserialization is the other way round: translating serialized data into objects which can be used by the application.

    The unpredictable manipulation of deserialization is the result of the deserializing of data from undesirable sources that may lead to severe impacts such as DDoS attacks and remote code execution attacks.

    It is best not to accept serialized objects from untrusted sources to protect your web application from this form of danger.

    9. Using Components With Known Vulnerabilities

    All should understand that the lack of upgrading every piece of website software would inevitably contribute to significant security threats sooner rather than later. Thousands of websites make use of some of the most common components; a security flaw in one of these components may make the websites vulnerable to being exploited.

    19-sucuri-2019-hacked-report
    SUCURI

    In order to reduce the risk of running components that have known vulnerability, developers should exclude unused parts from their projects, and ensure that components are obtained from a trustworthy source and are up to date.

    10. Insufficient Logging And Monitoring

    Most web applications may not take appropriate measures to identify data breaches. The average time it takes to discover a violation is about 200 days. Without effective logging and tracking, harm to a website compromise will increase. 

    OWASP suggests that web developers should implement logging and tracking and incident response plans so that their systems are aware of attacks.

    OWASP
    Share. Facebook Twitter Pinterest LinkedIn Email Reddit WhatsApp
    Previous Article5 Best Password Managers for 2023 (Why I Prefer Them)
    Next Article How to Motivate Your Construction Workers [Guide 2023]
    Sayan Dutta
    • Website
    • Facebook
    • X (Twitter)
    • Pinterest
    • Instagram
    • LinkedIn

    I am glad you came over here. So, you want to know a little bit about me. I am a passionate digital marketer, blogger, and engineer. I have knowledge & experience in search engine optimization, digital analytics, google algorithms, and many other things.

    Related Posts

    Lenovo Legion Go Review
    Technology

    Lenovo Legion Go Review: The Future of Handheld Gaming

    December 2, 2023
    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability
    Technology

    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

    December 2, 2023
    Evernote Drops Bombshell on Free Users
    Technology

    Evernote Drops Bombshell on Free Users – 50 Notes, One Notebook Limit!

    December 2, 2023

    Table of Contents

    • What is OWASP?
    • What is the OWASP Top 10?
    • Top 10 OWASP Vulnerabilities in 2020 are:
      • 1. Injection
      • 2. Broken Authentication
      • 3. Sensitive Data Exposure
      • 4. XML External Entities (XEE)
      • 5. Broken Access Control
      • 6. Security Misconfiguration
      • 7. Cross-Site Scripting (XSS)
      • 8. Insecure Deserialization
      • 9. Using Components With Known Vulnerabilities
      • 10. Insufficient Logging And Monitoring

    Top Posts

    New Exciting Games Coming To Nintendo Switch

    10 New Exciting Games Coming To Nintendo Switch In December 2023

    December 2, 2023
    Lenovo Legion Go Review

    Lenovo Legion Go Review: The Future of Handheld Gaming

    December 2, 2023
    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

    Apple Drops Surprise iOS 17.1.2 Update to Address Major Vulnerability

    December 2, 2023
    Evernote Drops Bombshell on Free Users

    Evernote Drops Bombshell on Free Users – 50 Notes, One Notebook Limit!

    December 2, 2023
    Popular in Social Media
    WhatsApp’s “View Once” Feature is Back for Desktop Users

    WhatsApp’s “View Once” Feature is Back for Desktop Users

    November 28, 2023
    Nasty Phishing Scam is Circling Facebook and TikTok

    Beware! Nasty Phishing Scam is Circling Facebook and TikTok

    November 22, 2023
    Invite Collaborator Instagram Not Showing

    Fix ‘Invite Collaborator Instagram Not Showing’ Issue [2023]

    November 9, 2023
    New in Health
    Mind-Blowing Health Benefits Of Ghee In Winter

    7 Mind-Blowing Health Benefits Of Ghee In Winter

    November 30, 2023
    Mistyinfo.com Health

    Mistyinfo.com Health: Your Passport to a Healthier and Happier You in 2023

    November 17, 2023
    WellHealth

    WellHealth How to Build Muscle Tag? (Explained)

    November 17, 2023

    google news

    google-play-badge

    Protected by Copyscape

    DMCA.com Protection Status

    Facebook X (Twitter) Instagram Pinterest
    • Terms of Service
    • Privacy Policy
    • Contact Us
    • About
    • Sitemap
    • Write For Us
    • Submit Press Release
    Copyright © 2023 - Read Us 24x7

    Type above and press Enter to search. Press Esc to cancel.