The Open Web Application Security Project (OWASP) puts out a regular list of the top 10 most critical web application security risks with the hopes of raising awareness and helping organizations develop a culture of more secure code.
With that in mind, let's take a look at the top five:
1. Broken Access Control
This means that restrictions on authenticated users are not properly enforced, so one user may be able to see other users' files or modify other users' data.
2. XML External Entities
Fun to say, not fun when it happens. This occurs when older or badly configured XML processors evaluate external entity references within XML docs. That can expose internal files and allow for internal port scanning, remote code execution, and denial of service attacks.
3. Sensitive Data Exposure
This is where sensitive data is not encrypted in transit or at rest, leaving it exposed for attackers to steal or modify.
4. Broken Authentication
If authentication and session management are implemented incorrectly, attackers can compromise passwords, keys or session tokens and assume other users' identities.
5. Injection
Whether it's SQL, NoSQL, OS, or LDAP, untrusted data gets sent to an interpreter as part of a command or query, tricking the interpreter into executing unintended commands or accessing data without authorization.
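The injection risk described above, shown as an added example that is not part of the original article: the same lookup written with string concatenation and with a bound parameter. The table, column names, rows and input string are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE documents (owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO documents VALUES (?, ?)",
        [
            ("alice", "alice-notes"),
            ("alice", "alice-payroll"),
            ("bob", "bob-contract"),
        ],
    )
    return db


def titles_concatenated(db, owner):
    """Vulnerable form: untrusted input becomes part of the query text,
    so the SQL interpreter parses it as syntax rather than as a value."""
    query = "SELECT title FROM documents WHERE owner = '" + owner + "' ORDER BY title"
    return [row[0] for row in db.execute(query)]


def titles_parameterized(db, owner):
    """Hardened form: the query text is fixed and the input is bound
    as a single value, so it can never change the query's structure."""
    query = "SELECT title FROM documents WHERE owner = ? ORDER BY title"
    return [row[0] for row in db.execute(query, (owner,))]


# Constructed untrusted input containing a quote and an extra condition.
UNTRUSTED = "bob' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # The concatenated query returns every owner's rows.
    print("concatenated :", titles_concatenated(db, UNTRUSTED))
    # The parameterized query matches no owner with that literal name.
    print("parameterized:", titles_parameterized(db, UNTRUSTED))
    # Ordinary input behaves identically in both forms.
    print("normal input :", titles_parameterized(db, "bob"))
```
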
Those are just the top five. If you don't want to be the next headline because of a data breach, get the full top 10 list from OWASP and use it to raise awareness in your team.
Tom is an award-winning independent tech podcaster and host of regular tech news and information shows. Tom hosts Sword and Laser, a science fiction and fantasy podcast, and book club with Veronica Belmont. He also hosts Daily Tech News Show, covering the most important tech issues of the day with the smartest minds in technology.