Top 5: Security risks associated with web apps

Raising awareness of these risks, identified by the Open Web Application Security Project, can help build a culture of secure code in your organization.

The Open Web Application Security Project (OWASP) puts out a regular list of the top 10 most critical web application security risks with the hopes of raising awareness and helping organizations develop a culture of more secure code.

With that in mind, let's take a look at the top five:

1. Broken Access Control

This means that restrictions on what authenticated users may do are not properly enforced, so one user is able to see other users' files or modify other users' data.

2. XML External Entities

Fun to say, not fun when it happens. This occurs when older or badly configured XML processors evaluate external entity references within XML docs. That can expose internal files and allow for internal port scanning, remote code execution, and denial of service attacks.

3. Sensitive Data Exposure

This is where sensitive data is not encrypted in transit or at rest, leaving it exposed for attackers to steal or modify.

4. Broken Authentication

If authentication and session management are implemented incorrectly, attackers can compromise passwords, keys or session tokens and assume other users' identities.

5. Injection

Whether it's SQL, NoSQL, OS, or LDAP, injection happens when untrusted data is sent to an interpreter as part of a command or query, tricking the interpreter into executing unintended commands or accessing data without authorization.
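The difference between concatenating untrusted data into a SQL query and binding it as a parameter, shown as an added example that is not part of the original article. The table, rows and function names are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO documents VALUES (?, ?)",
        [
            ("alice", "alice-payroll.pdf"),
            ("bob", "bob-notes.txt"),
            ("o'brien", "obrien-cv.doc"),
        ],
    )
    return db


def titles_concatenated(db, owner):
    """Weak form: the untrusted value becomes part of the query text,
    so the SQL interpreter parses it as syntax rather than data."""
    sql = "SELECT title FROM documents WHERE owner = '" + owner + "'"
    return [row[0] for row in db.execute(sql)]


def titles_parameterized(db, owner):
    """Corrected form: the query text is fixed and the value is bound
    separately, so it is only ever compared as a string."""
    sql = "SELECT title FROM documents WHERE owner = ?"
    return [row[0] for row in db.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "bob' OR '1'='1"  # constructed input that contains SQL syntax

    # The concatenated query returns every user's rows for the crafted value.
    print("concatenated :", titles_concatenated(db, crafted))
    # The bound parameter matches no owner with that literal name.
    print("parameterized:", titles_parameterized(db, crafted))

    # A legitimate name containing an apostrophe breaks the weak form too.
    try:
        titles_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated fails on a benign name:", exc)
    print("parameterized:", titles_parameterized(db, "o'brien"))
```
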

Those are just the top five. If you don't want to be the next headline because of a data breach, get the full top 10 list from OWASP and use it to raise awareness in your team.

About Tom Merritt

Tom is an award-winning independent tech podcaster and host of regular tech news and information shows. Tom hosts Sword and Laser, a science fiction and fantasy podcast, and book club with Veronica Belmont. He also hosts Daily Tech News Show, coverin...
