OWASP top 10 2017

The OWASP Top 10 is a consensus list of the most critical security risks to web applications, compiled by the Open Web Application Security Project (OWASP) from vulnerability data contributed by security firms and from a community survey. It is meant to raise awareness among developers and security professionals of the risks that matter most and to point at how to prevent and mitigate them. It is a risk list rather than a vulnerability catalogue: each entry groups many individual weaknesses by how exploitable, prevalent and impactful they are. The list is revised every few years to reflect the current state of web application security.

The 2017 edition reshuffled the 2013 list: Insecure Direct Object References and Missing Function Level Access Control were merged into Broken Access Control, Cross-Site Request Forgery and Unvalidated Redirects and Forwards were dropped because frameworks now handle them by default and they appeared in far less of the contributed data, and three categories were added (XML External Entities, Insecure Deserialization, Insufficient Logging & Monitoring). The OWASP Top 10 2017 consists of the following risks:

  1. Injection: Injection flaws, such as SQL, NoSQL, OS command and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query, so that the attacker controls the structure of the command rather than just a value. The attacker can then run unintended commands or read and modify data without authorization. The primary defence is to keep data separate from command text, for example with parameterized queries and a safe API, with input validation as a secondary layer.

  2. Broken Authentication: Authentication and session management are frequently implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens, or to exploit other implementation flaws to assume another user's identity. Typical causes are permitting credential stuffing and brute force, accepting weak or default passwords, storing passwords without a slow salted hash, exposing session identifiers in URLs, and failing to rotate session identifiers after login or to invalidate them on logout.

  3. Sensitive Data Exposure: Many applications and APIs do not properly protect sensitive data such as financial, healthcare and personal information, whether at rest or in transit. Data is sent in clear text, stored unencrypted or with outdated algorithms and weak key management, or protected by passwords hashed without a salted, deliberately slow function. Attackers steal or modify such data to commit fraud, identity theft or other crimes.

  4. XML External Entities (XXE): Many older or poorly configured XML processors evaluate external entity references inside XML documents. An attacker who controls the XML can use external entities to read internal files through the file URI handler, probe internal hosts, cause denial of service, and in some configurations reach remote code execution. Disabling document type definitions and external entity resolution in the parser removes the risk.

  5. Broken Access Control: Restrictions on what authenticated users are allowed to do are often not enforced on the server. Attackers exploit these flaws to access other users' accounts and data, view sensitive files, modify records that are not theirs or elevate their privileges, for example by changing an object identifier in a URL or API request, or by calling an administrative function that was merely hidden from the user interface rather than protected.

  6. Security Misconfiguration: The most commonly seen issue, usually the result of insecure default configurations, incomplete or ad hoc configurations, open cloud storage, unnecessary features or sample applications left enabled, misconfigured HTTP headers and verbose error messages that leak internal details. Every layer of the stack (operating system, framework, libraries, application) must be securely configured and patched in a timely, repeatable fashion.

  7. Cross-Site Scripting (XSS): XSS flaws occur whenever an application includes untrusted data in a web page without proper validation or escaping, or updates an existing page with user-supplied data through a browser API that can create HTML or JavaScript. The attacker's script runs in the victim's browser with the site's privileges, allowing session hijacking, defacement or redirection to malicious sites. Context-aware output encoding is the core defence.

  8. Insecure Deserialization: Deserializing untrusted data often leads to remote code execution; even where it does not, it enables replay, injection and privilege escalation attacks by letting the attacker shape the application's objects. Accept serialized objects only from trusted sources, or use formats that cannot encode types and enforce strict type constraints during deserialization.

  9. Using Components with Known Vulnerabilities: Libraries, frameworks and other software modules run with the same privileges as the application. If a vulnerable component is exploited, the attack can lead to serious data loss or server takeover. Applications and APIs that use components with known vulnerabilities, or that do not track what they use and when it was last patched, undermine their own defences.

  10. Insufficient Logging & Monitoring: A lack of logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to keep attacking systems, maintain persistence, pivot to more systems and tamper with, extract or destroy data. Breach studies consistently find detection times measured in months, with breaches more often discovered by external parties than by internal monitoring.
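Three of the categories above contrast most sharply at the code level. The following is an added example written for this page, not code from the OWASP project or from the Top 10 document: a toy SQLite-backed user lookup in Python that shows the A1 Injection, A5 Broken Access Control and A7 XSS flaws next to their fixes. The table, the sample users and the attack payloads are all constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample data for this example (not from the page): a tiny
# users table held in an in-memory SQLite database. alice gets id 1, bob id 2.
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, username):
    """A1 Injection: the untrusted username is pasted into the SQL text, so a
    quote in the input closes the literal and the rest is parsed as SQL."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterized query: the value is bound separately from the statement,
    so the input is only ever compared as a string, never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def fetch_profile(conn, requested_id):
    """Raw record lookup by id. Exposing this directly with an id taken from
    the request is the A5 Broken Access Control flaw: any caller can read
    any profile just by changing the number."""
    return conn.execute(
        "SELECT username, email FROM users WHERE id = ?", (requested_id,)
    ).fetchone()


def profile_for(conn, session_user_id, requested_id):
    """Server-side authorization: deny by default, and allow a caller to read
    only the record belonging to the identity established by their session."""
    if requested_id != session_user_id:
        raise PermissionError("not authorized to read this profile")
    return fetch_profile(conn, requested_id)


def render_vulnerable(name):
    """A7 XSS: untrusted data dropped into HTML unescaped becomes markup."""
    return f"<p>Welcome, {name}</p>"


def render_safe(name):
    """Output encoding for an HTML text context: <, >, &, \" and ' become
    entities, so the browser displays the payload instead of executing it."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


def demo():
    """Run each flawed function and its fix against a constructed payload."""
    conn = make_db()
    sqli_payload = "' OR '1'='1"
    xss_payload = "<script>alert(document.cookie)</script>"
    try:
        profile_for(conn, session_user_id=1, requested_id=2)  # alice asks for bob
        idor_blocked = False
    except PermissionError:
        idor_blocked = True
    return {
        "sqli_vulnerable_rows": len(lookup_vulnerable(conn, sqli_payload)),  # every row leaks
        "sqli_safe_rows": len(lookup_safe(conn, sqli_payload)),              # no such user
        "idor_unchecked_leaks_bob": fetch_profile(conn, 2) is not None,
        "idor_blocked": idor_blocked,
        "xss_vulnerable_has_script_tag": "<script>" in render_vulnerable(xss_payload),
        "xss_safe_has_script_tag": "<script>" in render_safe(xss_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The injection payload turns `WHERE username = ''` into `WHERE username = '' OR '1'='1'`, which matches every row in the vulnerable version and nothing in the parameterized one. The same pattern generalizes to the other interpreters the Injection item lists: the fix is always a boundary between data and command, not a blacklist of characters.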

The OWASP Top 10 is not an exhaustive list of web application security risks; it is the set judged most common and most critical at the time of publication, and risks that fell off the list (such as CSRF) still need to be handled. Organizations should treat it as a starting point for an application security programme, assess their applications against these categories regularly, and fix what they find in order to secure their web applications and protect sensitive data.