Lesson Category: OWASP

Conclusion

The Top 10 List covers a wide range of risks. But many other risks exist that may be worth considering and evaluating within the specific context of your …

Insecure Deserialization

If applications and APIs deserialize hostile or tampered objects supplied by an attacker, they become vulnerable. This can result in two primary types of attacks: …

Cross Site Scripting (XSS)

Cross-Site Scripting (XSS) attacks are a type of injection attack, in which malicious scripts are injected into trusted and otherwise benign web sites. An attacker …

Security Misconfiguration

If security systems or protocols are misconfigured, it defeats the purpose of having them in the first place. But, quite often, that is exactly what happens. Security …

Broken Access Control

Access control mechanisms ensure that users cannot perform business or system functions outside of their intended permissions. Access control failures typically lead to unauthorized information disclosure, …

XML External Entities (XXE)

XML-based web services and applications might be vulnerable to this form of attack. Even downstream integrations might be vulnerable. For instance, if the application accepts …

Sensitive Data Exposure

It is important to protect sensitive data both in transit and at rest. Sensitive information like passwords, credit card numbers, health records, personal information and business …

Broken Authentication

This type of vulnerability occurs when there are weaknesses in authentication, confirmation of the user's identity, or session management. There are several simple and easily overlooked ways …