OWASP stands for Open Web Security Project. It is an international non profit organization which is dedicated to web application security. All the materials available here will be open to everyone through their websites which makes it possible for anybody to improve their Web Application Security. OWASP has listed down top 10 security risks which are as follows :-
This attack can happen when a user injects any untrusted data to an application through a form input. If this form input is not secured properly, this may result in an attack known as SQL Injection wherein the attacker might enter an SQL query instead of the expected form input in order to get hold of the data within
2. Broken Authentication
If the authentication system for login is faulty then attackers can easily get access to the entire system through its admin login. They may try with a list of available username password combinations to get a valid login.
3. Sensitive Data Exposure
Attackers are constantly on the lookout for sensitive data especially financial information and passwords. If they get access to that data then it can easily be used for monitory benefit of the attacker.
4. XML External Entities (XEE)
This attack mainly targets web applications that deal with XML input. This input may be referencing an external entity like hard disks. Thus an XML parser can be easily duped to send data to unauthorized hard disks thereby passing sensitive data directly to the attacker.
5. Broken Access Controls
In this type of attack, attackers bypass authorization and enter as privileged users into a system that control access to information.
6. Security Configuration
This mainly occurs while using default configurations/settings or when displaying overly descriptive errors which may reveal the vulnerabilities in the application to attackers.
7. Cross-site Scripting
8. Insecure De-serialization
This attack mainly targets web applications that serialize and de-serialize data.
9. Using Components with Known Vulnerabilities
This attack takes place through components such as libraries and frameworks used in web applications. Vulnerabilities in these components are exploited by attackers.
10. Insufficient Logging and Monitoring
Many data breaches go unnoticed for a long time giving attackers sufficient time to cause enough damage before any responses. Thus developers should follow best practices to implement logging and monitoring and also incident response.