Top 10 critical web security problems
The Open Web Application Security Project has released a list of the top 10 web vulnerabilities. Unvalidated parameters are number one on the list.
The Open Web Application Security Project (OWASP) has released a list of the top 10 web vulnerabilities. Unvalidated parameters, meaning that information from web requests is not validated before a web application uses it, are number one on the list. Attackers can use such flaws to attack backend components through a web application.
OWASP, a voluntary open source group, has released the list in order to help organisations avoid the most serious vulnerabilities. These flaws are seen to be as serious as network security problems and should be given the same degree of attention.
“These flaws are surprisingly common and can be exploited by unsophisticated attackers with easily available tools. When an organisation deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Therefore, web application code is part of the security perimeter and cannot be ignored,” the group says.
The complete Top 10 is as follows:
1) Unvalidated parameters
2) Broken access control
3) Broken account and session management
4) Cross-site scripting (XSS) flaws
5) Buffer overflows
6) Command injection flaws
7) Error handling problems
8) Insecure use of cryptography
9) Remote administration flaws
10) Web and application server misconfiguration