Monday, June 16, 2014

OWASP TOP 10 (2013) : An Introduction


Today, web applications are in common use. Most businesses have registered their presence on the Internet, and, importantly, most of them are being noticed by their target users. Users are also comfortable with these sites because they offer real advantages: they save time and money, and they make it easy to compare services or prices before committing to one.

Despite these advantages, web applications carry a number of security concerns that stem from improper coding. Serious weaknesses, or vulnerabilities, can give an attacker direct access to the back-end database from the public Internet. With some creativity, and with the help of negligence or human error that has left flaws in the application, an attacker can quickly reach the data stored there.

If a web application is not secure, that is, if it is vulnerable to even one of the many known attack techniques, then the entire database of sensitive information behind it is at serious risk. Some attackers, for example, inject script into a vulnerable web application so that it executes in other users' browsers, tricking them or redirecting them to phishing sites. This technique is called Cross-Site Scripting (XSS), and it works even when the web server and database engine contain no vulnerability themselves, because the flaw is in how the application handles untrusted input when building its pages.
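The redirect-to-phishing scenario above, as an added example that is not part of the original post: a search page that echoes the user's query back into its HTML, once with the untrusted value concatenated directly (the XSS sink) and once with it HTML-encoded first. The page shell, the `escapeHtml` helper, the `renderSearch*` function names and the phishing payload are all constructed for this demonstration and are not OWASP's or any real site's code.

```javascript
// Added example (not from the original post): a reflected XSS sink and its fix.
// Scenario: a search results page reflects the user's query into the HTML.
// Everything here (page shell, helper names, payload) is constructed for the demo.

// HTML-encode the characters that can break out of an HTML text node or a
// quoted attribute value. Output encoding at the point of insertion is the
// standard defence against XSS; it does not modify or "sanitise" the input.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the untrusted query is concatenated straight into the page, so
// any markup the attacker supplies becomes part of the document the browser parses.
function renderSearchVulnerable(query) {
  return '<h1>Results for: ' + query + '</h1>';
}

// Hardened: identical page, but the query is encoded for an HTML text context,
// so the browser renders the payload as literal text instead of executing it.
function renderSearchSafe(query) {
  return '<h1>Results for: ' + escapeHtml(query) + '</h1>';
}

// A crude observable check: does the rendered page contain a <script> element?
// Real XSS has many other vectors (event handlers, javascript: URLs, ...); this
// only makes the difference between the two renderers measurable.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker input: a script that sends the victim to a phishing site.
// On a vulnerable page this would arrive in a link such as ?q=<payload>.
const PAYLOAD = "<script>location='https://phish.invalid/login'</script>";

console.log('vulnerable:', renderSearchVulnerable(PAYLOAD));
console.log('hardened:  ', renderSearchSafe(PAYLOAD));
```

Note that `escapeHtml` is only correct for an HTML text or quoted-attribute context; a value placed inside a JavaScript block, a URL or a CSS property needs a different encoder for that context, which is why XSS keeps appearing even in applications that "escape everything" with one function.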

The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. It includes corporations, educational organizations, and individuals from around the world, and it produces freely available articles, methodologies, documentation, tools, and technologies. The OWASP Top 10 is an awareness document for web application security that represents a broad consensus on the most critical web application security risks. Project members, a variety of security experts from around the world, contributed their expertise to produce the list.

Following are the ten risk categories listed by OWASP in the 2013 edition of the Top 10:
        A1 Injection
        A2 Broken Authentication and Session Management
        A3 Cross-Site Scripting (XSS)
        A4 Insecure Direct Object References
        A5 Security Misconfiguration
        A6 Sensitive Data Exposure
        A7 Missing Function Level Access Control
        A8 Cross-Site Request Forgery (CSRF)
        A9 Using Components with Known Vulnerabilities
        A10 Unvalidated Redirects and Forwards

OWASP also provides mitigation guidance for each of these risks, but it is necessarily generic: you will have to adapt it to your own environment, including the operating system, database, application server, and programming language in use.
