Topic Category: OWASP
Example Scenario – Cross Site Scripting (XSS) Scenario #1: The application uses untrusted data without validation or escaping, in the following HTML snippet: (String) page += "<input name='creditcard' type='TEXT' …
How to Prevent – Cross Site Scripting (XSS) In order to prevent XSS, it is important to separate untrusted data from active browser content. This separation can be achieved …
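The two excerpts above describe the vulnerable concatenation and the separation of untrusted data from active content. The following is an added example, not code from the page or from OWASP, that rebuilds that pattern in Python: the same input element built by raw concatenation next to a version that encodes the value for the HTML attribute context with the standard library's html.escape. The attacker payload and the input element's markup are constructed for the demonstration.

```python
"""Reflected XSS: raw concatenation vs. contextual output encoding (added example)."""
import html
from typing import Final

# Constructed attacker input: it closes the quoted value attribute and the
# <input> tag, then injects a script element.
ATTACK_PAYLOAD: Final = '"><script>alert(document.cookie)</script>'


def render_input_unsafe(cc: str) -> str:
    """Vulnerable: untrusted data is concatenated straight into HTML, so any
    quote or angle bracket in it becomes markup."""
    return '<input name="creditcard" type="text" value="' + cc + '">'


def render_input_safe(cc: str) -> str:
    """Hardened: encode for the HTML attribute context before concatenating.

    html.escape(quote=True) replaces & < > " and ', so the value can neither
    terminate the quoted attribute nor open a new tag. The attribute must be
    quoted in the template for this to hold.
    """
    return (
        '<input name="creditcard" type="text" value="'
        + html.escape(cc, quote=True)
        + '">'
    )


def injected_script(markup: str) -> bool:
    """Demo check: does a raw <script element survive into the output?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    for label, render in (("unsafe", render_input_unsafe), ("safe", render_input_safe)):
        out = render(ATTACK_PAYLOAD)
        print(f"{label:6} injected={injected_script(out)}  {out}")
```

The encoding is specific to the HTML attribute context shown in the scenario; a value that is later placed inside a script block, a URL, or a CSS property needs the encoding rules of that context instead, and escaping alone does not make unquoted attributes safe.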
More Resources – Security Misconfiguration OWASP Resources OWASP Testing Guide: Configuration Management OWASP Testing Guide: Testing for Error Codes OWASP Security Headers Project For additional requirements in this area, …
Example Scenarios – Security Misconfiguration Scenario #1: Default sharing permissions are open to the Internet on a Cloud Service Provider. This allows sensitive data stored within cloud storage to …
How to Prevent – Security Misconfiguration Prevention boils down to proper implementation of security measures during installation, upgrades or major changes. Here are some preventive steps to take against …
More Resources – Broken Access Control OWASP Resources OWASP Proactive Controls: Access Controls OWASP Application Security Verification Standard: V4 Access Control OWASP Testing Guide: Authorization Testing OWASP Cheat Sheet: …
Example Scenarios – Broken Access Control Scenario #1: Assume the application is accessing account information in a SQL call using unverified data: pstmt.setString(1, request.getParameter("acct")); ResultSet results = pstmt.executeQuery(); …
How to Prevent – Broken Access Control Access control measures are only effective where the attacker cannot modify the access control check or metadata. This can effectively be done only …
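The scenario above is notable because the statement is already parameterised: there is no SQL injection, yet the account identifier comes from the request and is never checked against the caller. The following added example, not code from the page or from OWASP, reproduces that defect in Python against an in-memory SQLite database and places it beside a query that enforces ownership from server-side session state, where the attacker cannot modify it. The accounts table, its rows, and the Session class are constructed for the demonstration.

```python
"""Insecure direct object reference vs. ownership enforced in the query (added example)."""
import logging
import sqlite3
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("access-control")


@dataclass(frozen=True)
class Session:
    """Stand-in for server-side session state: user_id is set at login,
    never read from request parameters."""
    user_id: int


def seed_db() -> sqlite3.Connection:
    """Constructed sample data: two users, one account each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        "acct TEXT PRIMARY KEY, owner_id INTEGER NOT NULL, balance INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("ACC-1001", 1, 500), ("ACC-2002", 2, 9000)],
    )
    conn.commit()
    return conn


def get_balance_unsafe(conn: sqlite3.Connection, acct_param: str) -> Optional[int]:
    """Vulnerable: bound parameter, so no SQL injection, but whoever supplies
    acct_param can read any account."""
    row = conn.execute(
        "SELECT balance FROM accounts WHERE acct = ?", (acct_param,)
    ).fetchone()
    return row[0] if row else None


def get_balance_safe(
    conn: sqlite3.Connection, session: Session, acct_param: str
) -> Optional[int]:
    """Hardened: ownership is part of the query predicate and comes from the
    authenticated session, so another user's account id matches nothing.
    Denials are logged, which makes enumeration attempts visible."""
    row = conn.execute(
        "SELECT balance FROM accounts WHERE acct = ? AND owner_id = ?",
        (acct_param, session.user_id),
    ).fetchone()
    if row is None:
        log.warning("access denied: user %s requested %s", session.user_id, acct_param)
        return None
    return row[0]


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    db = seed_db()
    alice = Session(user_id=1)
    # Alice tampers with the acct parameter to read Bob's account.
    print("unsafe:", get_balance_unsafe(db, "ACC-2002"))
    print("safe:  ", get_balance_safe(db, alice, "ACC-2002"))
```

The hardened version denies by default: anything the predicate does not positively match is treated as not found rather than as an error path that leaks whether the account exists.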
More Resources – XML External Entities (XXE) OWASP Resources OWASP Application Security Verification Standard OWASP Testing Guide: Testing for XML Injection OWASP XXE Vulnerability OWASP Cheat Sheet: XXE Prevention …
Example Scenarios – XML External Entities (XXE) Scenario #1: An attacker attempts a denial-of-service attack by including a potentially endless file: <!ENTITY xxe SYSTEM "file:///dev/random" >]> Scenario #2: The …
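External entities can only be declared inside a DTD, so the most robust defence against the scenario above is to refuse any document that carries a DOCTYPE before an entity is ever resolved. The following added example, not code from the page or from OWASP, does that in Python with only the standard library: a bare expat pass whose DOCTYPE handler aborts the parse, followed by normal ElementTree parsing for documents that pass. The hostile and benign documents are constructed for the demonstration; the hostile one mirrors the scenario's /dev/random entity but is never resolved.

```python
"""XXE hardening: reject DTDs outright before parsing (added example)."""
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed hostile document modelled on the scenario: an external entity
# pointing at an endless device file. The DOCTYPE is rejected before the
# entity declaration is even read.
XXE_DOC = """<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///dev/random"> ]>
<foo>&xxe;</foo>"""

# Constructed benign document with no DTD.
BENIGN_DOC = '<?xml version="1.0"?><order><item sku="A1" qty="2"/></order>'


class DTDNotAllowed(ValueError):
    """Raised when untrusted XML declares a DOCTYPE."""


def reject_dtd(data: str) -> None:
    """Scan with a handler-less expat parser whose only handler fires on
    DOCTYPE. Expat invokes it when the declaration starts, before the
    internal subset and before any entity could be resolved or expanded."""
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDNotAllowed(f"DOCTYPE {name!r} rejected: DTDs are disabled")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted(data: str) -> ET.Element:
    """Parse XML from an untrusted source: DTD gate first, then ElementTree."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_safe_xml(data: str) -> bool:
    """Convenience predicate for callers that just need accept/deny."""
    try:
        reject_dtd(data)
    except DTDNotAllowed:
        return False
    return True


if __name__ == "__main__":
    print("benign root:", parse_untrusted(BENIGN_DOC).tag)
    try:
        parse_untrusted(XXE_DOC)
    except DTDNotAllowed as exc:
        print("rejected:", exc)
```

Blocking the DTD removes the whole class at once: external entity resolution, internal entity expansion attacks such as billion laughs, and parameter entities, independent of whatever defaults the underlying parser happens to ship with. Applications that genuinely need a DTD should instead whitelist the specific one they expect rather than loosen this gate.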