OWASP Top 10 Vulnerabilities!
OWASP (Open Web Application Security Project)
is an organization that publishes a list of the top 10 vulnerabilities every 3 years. Here the most common OWASP Top 10 vulnerabilities are explained in simple wording, so that everyone can understand what each of them means and how it works.
1. Broken Access Control:
In simple words, it means doing something unauthorized because of a vulnerability caused by human error. When a resource is not meant to be available to us but we can still access it, that is called broken access control.
For example, on Facebook we only have access to make changes in our own account, but if there is a vulnerability in Facebook's systems we can make changes in other users' accounts.
2. Cryptographic Failure:
Cryptography means changing normal plaintext into encrypted text (unreadable). When we don't encrypt the text properly and the encrypted text can be decrypted easily, it is called a cryptographic failure.
For example, when we visit a website, the information is encrypted end to end between us and the servers. If someone in between can decrypt that information, it is called a cryptographic failure.
3. Injection Vulnerability:
This means that when we enter any data, the server accepts it without verification. Examples are SQL injection (making changes in the code of the database) and command injection (making changes in the code of the system to control the servers). We put a payload (the actual data/code sent to the website during an attack) into a parameter (a piece of data, like a search term passed through the URL) of the website, and it gets executed on the server. The payload is attached inside the parameter to attack the website.
For example, we make a malicious input query against a database, and the server accepts it and executes it without any verification. That is an injection vulnerability. With the help of SQL injection an attacker can access an SQL database and then delete it, modify it, or make changes in that database.
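To make the point concrete, here is an added example (not from the original post) showing the same lookup written the vulnerable way and the fixed way, against a small constructed in-memory SQLite table:

```python
import sqlite3

# Constructed sample data: a tiny in-memory user table (not from any real system).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def lookup_vulnerable(conn, username):
    # The "before" picture: user input is glued into the SQL text, so the
    # database cannot tell where the data ends and the code begins.
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username):
    # The fix: a parameterised query. The driver sends the value separately
    # from the statement, so whatever the input contains, it is only ever data.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def demo():
    conn = build_db()
    normal = "bob"
    hostile = "x' OR '1'='1"   # the textbook test string for this class of bug
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),    # one row, as intended
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # every row leaks
        "safe_normal": lookup_safe(conn, normal),          # one row
        "safe_hostile": lookup_safe(conn, hostile),        # no such user: empty
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable version returns all three users for the hostile input because the quote character ends the string early; the parameterised version returns nothing, because no user is literally named `x' OR '1'='1`.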
4. Insecure Design:
When we disable security parameters of a product during the design and development phase, or when the design of the website is not properly secured, it is called an insecure design vulnerability. This is considered the most common vulnerability in the OWASP Top 10.
5. Security Misconfiguration:
When we don't do proper security configuration of our devices and systems, for example enabling unnecessary features, using insecure protocols (HTTP, FTP), or using weak passwords, it is called a security misconfiguration.
6. Vulnerable and Outdated Software:
This means not doing proper regular updates. Sometimes companies use outdated plugins and software that become easily vulnerable. This is considered the most vulnerable category in the OWASP Top 10.
7. Identification and Authentication Failure:
When someone steals our cookies and uses them to access our account, and the server allows it without any verification, it is called an identification and authentication failure. For example, when we save the login information of our accounts in the browser, the system stores some cookies (where our login sessions are stored). If someone steals those cookies and loads them into their own browser, they can access the account without the login credentials. So when the server can't do proper authentication and verification, it is known as an identification and authentication failure vulnerability. A brute-force attack (guessing passwords) on an account is also an example of this.
8. Software and Data Integrity Failure:
Data integrity means the data remains unchanged. When someone changes code or files and the system doesn't verify it, that is called an integrity failure.
For example, we use third-party plugins, software, or sources for better performance or functionality on our web app or system, and they are not checked for data integrity. Maybe a hacker has already changed the software or plugin, so its hash (the digital fingerprint of the file) no longer matches. If there is any change in the hashes of the software or the system's sources, it is called a software and data integrity failure vulnerability.
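Here is an added example (not part of the original post) of the hash check described above: a constructed release of two plugin files is verified against a manifest of SHA-256 digests before anything is installed, and a copy with one altered byte is rejected. The file contents and manifest are made up for the example.

```python
import hashlib
import hmac

# Constructed sample release: the "files" are just bytes here. In a real setup
# the expected digests come from the vendor's signed release notes, obtained
# over a different channel than the download itself.
RELEASE_FILES = {
    "plugin.zip": b"demo plugin archive content v1.2.3\n",
    "helper.js": b"console.log('demo helper');\n",
}
# Stands in for the vendor-published manifest (computed here only so that the
# example runs offline).
PUBLISHED_MANIFEST = {name: hashlib.sha256(data).hexdigest()
                      for name, data in RELEASE_FILES.items()}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_manifest(files, manifest):
    """Return the names of files whose digest does not match the manifest.
    Files absent from the manifest are reported too: an unexpected extra file
    is as suspicious as a modified one."""
    bad = []
    for name, data in files.items():
        expected = manifest.get(name)
        # compare_digest keeps the comparison time independent of where the
        # two strings first differ.
        if expected is None or not hmac.compare_digest(sha256_hex(data), expected):
            bad.append(name)
    return bad

def install(files, manifest):
    """Install only when every file checks out; never install a partial set."""
    mismatches = verify_manifest(files, manifest)
    if mismatches:
        return "REJECTED: " + ", ".join(sorted(mismatches))
    return "INSTALLED"

def tampered_copy():
    # Simulates a download altered after the vendor published the manifest:
    # a single byte of helper.js has been changed.
    files = dict(RELEASE_FILES)
    files["helper.js"] = files["helper.js"].replace(b"demo", b"dem0")
    return files

if __name__ == "__main__":
    print(install(RELEASE_FILES, PUBLISHED_MANIFEST))   # INSTALLED
    print(install(tampered_copy(), PUBLISHED_MANIFEST)) # REJECTED: helper.js
```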
9. Security Logging and Monitoring Failure:
This means we should enable logging and monitoring to see who logs in again and again and from which IP address, or to see whether any kind of attack is being performed on our web app. If we are unable to see those actions, the vulnerability is known as a security logging and monitoring failure. This is considered the common vulnerability of the development stage in the OWASP Top 10.
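As an added example (not from the original post) tying points 7 and 9 together: a small detector that reads authentication log lines, counts failed logins per IP inside a time window, and raises an alert for a brute-force burst and for a success that follows one. The log lines and their format are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from a real system). Assumed line format:
# "<ISO timestamp> <FAIL|SUCCESS> user=<name> ip=<address>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:03 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:04 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:06 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:08 FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:09 SUCCESS user=alice ip=203.0.113.7
2024-05-01T10:02:00 FAIL user=bob ip=198.51.100.2
2024-05-01T10:30:00 SUCCESS user=bob ip=198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|SUCCESS) user=(\S+) ip=(\S+)$")

def parse(log_text):
    """Turn log lines into (timestamp, result, user, ip) tuples; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)),
                           m.group(2), m.group(3), m.group(4)))
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when an IP reaches `threshold` failures inside `window`, and again
    if that same IP then logs in successfully while the burst is still recent
    (the pattern a password-guessing attack leaves behind when it works)."""
    recent_fails = defaultdict(list)
    alerts = []
    for ts, result, user, ip in events:
        # Drop failures that have aged out of the window for this IP.
        recent_fails[ip] = [t for t in recent_fails[ip] if ts - t <= window]
        if result == "FAIL":
            recent_fails[ip].append(ts)
            if len(recent_fails[ip]) == threshold:
                alerts.append(("BRUTE_FORCE", ip, user))
        elif result == "SUCCESS" and len(recent_fails[ip]) >= threshold:
            alerts.append(("SUCCESS_AFTER_BURST", ip, user))
    return alerts

def run_demo():
    return detect_bruteforce(parse(SAMPLE_LOG))

if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Bob's single failure followed by a success half an hour later produces nothing, because it falls outside the window; without logs like these, neither the burst nor the suspicious success would ever be visible.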
10. Server-Side Request Forgery (SSRF):
A request to a specific page through the page's URL is known as a server-side request. When the server serves an unauthorized request, it is known as SSRF. For example, if we want to go to a group on Facebook, the Facebook server takes our request with the URL of the group page and then opens the required page. On the other hand, if the Facebook server is not properly configured and does not validate the URL, it follows the path of whatever URL we give it and returns details that are not within our permissions. A request through a fake URL that gives access to internal data is known as SSRF.

Conclusion of OWASP Top 10 Vulnerabilities:
At the end I just want to say: scammers are smart, so you have to be smarter. Stay aware of new threats and vulnerabilities in the cybersecurity world. So FOLLOW my blog https://munazajameel.site/blog/ for the latest awareness, protection tips and real learnings. You can also contact me or follow me on my other social media handles: TikTok https://www.tiktok.com/@itzmunazah?lang=en, Instagram https://www.instagram.com/itzmunazah/?hl=en or YouTube https://www.youtube.com/@itzmunazah.
#Also you can visit the OWASP official website for better learning and understanding! https://owasp.org/