Top 10 critical web security problems

The Open Web Application Security Project has released a list of the top 10 web vulnerabilities. Unvalidated parameters are number one on the list.

The Open Web Application Security Project (OWASP) has released a list of the top 10 web vulnerabilities. Number one on the list is unvalidated parameters, meaning that information from web requests is not validated before being used by a web application. Attackers can use such flaws to attack back-end components through a web application.

OWASP, a voluntary open source group, has released the list to help organisations avoid the most serious vulnerabilities. These flaws are seen as being as serious as network security problems and should be given the same degree of attention.

“These flaws are surprisingly common and can be exploited by unsophisticated attackers with easily available tools. When an organisation deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Therefore, web application code is part of the security perimeter and cannot be ignored,” the group says.

The complete Top 10 is as follows:

1) Unvalidated parameters
2) Broken access control
3) Broken account and session management
4) Cross-site scripting (XSS) flaws
5) Buffer overflows
6) Command injection flaws
7) Error handling problems
8) Insecure use of cryptography
9) Remote administration flaws
10) Web and application server misconfiguration
