OWASP Top 10 Vulnerabilities
The OWASP Top 10 is a list of the 10 most common web application security risks. By writing code and performing robust testing with these risks in mind, developers can create secure applications that keep their users’ confidential data safe from attackers.
What Is OWASP?
OWASP, or the Open Web Application Security Project, is a nonprofit organization focused on software security. Their projects include a number of open-source software development programs and toolkits, local chapters and conferences, among other things. One of their projects is the maintenance of the OWASP Top 10, a list of the top 10 security risks faced by web applications.
OWASP Top 10 Vulnerabilities
1. Injection: — It include either a partial or complete SQL query via the data input or transmitted from the client to the web application.
When successful it can read sensate data from the database, manipulate it, and can even get admin privilege
· Types :-
o Authentication Bypass via SQLI: — By this method attacker can gain access without having credential, even the admin privilege by fooling the application using SQL injection.
§ Common SQL Commands: — 1=1 — , or 1=1 — , admin’ — , Username /Password :- ‘ or 1=1 — .
o Union Based SQL Injection: — The attacker need to create a SELECT statement similar to query. For this attack attacker must know name of table with number of column.
§ Command :- 1=1 —
o Command Execution: — This is manly due insufficient input validation left from developer ends, it’s possible when an application passes unsafe user supplied data example: — form, cookies etc.
2. Broken Authentication and Session Management: — When authentication and session management are often not implemented correctly, which allows attackers to compromise passwords and session tokens, most commonly in login pages, forgot password etc.
3. Cross-Site Scripting (XSS):- In this attacker uses a web application to send malicious code, generally in the form of browser side script, to a different end user. The end user’s browser has no way to know that the script should not be trusted and will execute the script. It can access any cookies, session tokes and other sensitive information that browser contains.
· Types of XSS :-
o Reflected XSS: — It occurs when user input is immediately retuned by a web application in an error message, search result or any other response, include mainly input provided by the user, and without permanently storing the user provided data. It sometime never leave the browser.
§ Command :- <script>alert (“1”)</script>
o Stored XSS :- It occurs when user input is stored on target server, like in database and then a victim is able to retrieve the data from web application without making any render in that data.
§ Command :- <script>alert (“1”)</script>
o DOM based XSS: — It stand for Document Object Mode. This happens when a web application cannot filter the user input which is further used by a script in the page. It allows an attacker to modify the document object model of web browser. In this XSS string is not present in the response from server.
4. Security Misconfiguration: — It’s a vulnerability that might occur in web server or database server configuration by which any internal detail made available external entities. It mainly due to loopholes left by developers.
5. Sensitive Data Exposure: — It’s a threat by which attackers can gain access to your sensitive data or any backup of that data. It can be in plain text or in hash form.
o Bypass Authentication by replacing /unauthenticated.php with /admin.php in URL
6. Missing Function Level Access Control: — When anyone who is an authorized system user, simply changes the URL or a parameter to a privileged function. It’s when developers forget to include proper code checks.
7. Cross-Site Request Forgery: — It’s an attack which forced end user to execute unwanted actions on a web application in which they’re currently authenticated. They need to do little social engineering such as mails or chat and if the victim is normal user a successful CSRF attack and this can cause effect like transferring funds.
8. Unvalidated Redirects and Forward: — It’s on websites which allow untrusted input that could cause the web application to redirect the request to a URL containing within untrusted input. It’s a basically a phishing scam by which attackers try to steal user credentials.
9. Unrestricted File Upload: — When this is on web application it allows user to upload any file without any restriction, by this attacker can upload a code file with malicious code and can get a complete system takeover. This data may trick the application into overwriting a critical file or storing the file in a bad location.
10. Click Jacking: — Also known as “UI redress attack”, it’s when attacker trick the user to click on a malicious website link while they click on their actually site, by this keystrokes can be hijacked. This can also trick us on bank or email site, ending by providing critical importation.
