What is Web Application and OWASP?

OWASP

OWASP (Open Web Application Security Project) is a non-profit organization dedicated to web application security.

What is the OWASP Top 10?

It lists the top 10 web application vulnerabilities and describes their risks, impacts, and countermeasures. It is updated every 3 – 4 years with the latest vulnerabilities.

In 2020 the world was taken by storm by the COVID-19 pandemic, and people everywhere, whether employees or students, were working from home. Since home networks are not as secure as office networks, the chance of a breach increases. Here we highlight the top 10 vulnerabilities as per OWASP.

The Top 10 OWASP vulnerabilities in 2020 are:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access control
  • Security misconfigurations
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with known vulnerabilities
  • Insufficient logging and monitoring

Source: https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/

Injection

A code injection happens when an attacker sends invalid data to the web application with the intention to make it do something that the application was not designed/programmed to do.

Broken Authentication

It is an umbrella term for several vulnerabilities that attackers exploit to impersonate legitimate users online.

Sensitive Data Exposure

It consists of compromising data that should have been protected.

XML External Entities (XXE)

This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

Broken Access control

These vulnerabilities exist when a user can, in fact, access a resource or perform an action that they are not supposed to be able to.

Security misconfigurations

It occurs when a web application component is susceptible to attack due to a misconfiguration or insecure configuration option.

Cross-Site Scripting (XSS)

It is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.

Insecure Deserialization

A vulnerability which occurs when untrusted data is used to abuse the logic of an application, inflict a denial of service (DoS) attack, or even execute arbitrary code upon it being deserialized.

Using Components with known vulnerabilities

Vulnerabilities that were discovered in open source components and published in the NVD, security advisories or issue trackers.

Insufficient logging and monitoring

Insufficient logging, detection, monitoring and active response occurs any time:

  • Auditable events, such as logins, failed logins, and high-value transactions, are not logged.

About DocTooLss :

"We make Technology EaZy via Docs"

Follow us @doctools8 | Website: www.doctoolss.com | Tumblr: https://www.tumblr.com/blog/doctoolss | Medium: https://medium.com/@doctoolss | Facebook: https://www.facebook.com/DTdoctoolss/ | Linkedin: https://www.linkedin.com/in/doc-tools-a302311a9/

What is Vulnerability Management?

Vulnerability management (VM) is a program that uses a variety of technologies to identify, evaluate, treat, and report on security vulnerabilities in a system. Its tools identify cyber exposure risks across an entire organization and align them with your operational goals and objectives.

In cybersecurity terms, it is important to know what vulnerabilities, threats, and exploits mean:

  • Cybersecurity Vulnerabilities. A vulnerability is a potential weakness in a security architecture that opens an organization or individual to cyberattacks.
  • Cybersecurity Threats. “Cybersecurity threat” refers to a combination of tools and methods involved in a cyberattack. These threats are not inherent to the network. Instead, they leverage vulnerabilities on the network.
  • Cybersecurity Exploits. An exploit occurs when a cybersecurity threat is applied to a vulnerability to conduct some form of malicious activity. The impact of an exploit varies by threat and vulnerability type.

LifeCycle of VM

Find below the phases of the Vulnerability Management Lifecycle:

PHASE 1 – The Cloud Platform provides multiple technologies, including scanner appliances, agents, sensors, and connectors, to help you detect and discover both on-premise and cloud-based host assets.

PHASE 2 – The scanners, agents, sensors, and connectors work together to identify host assets throughout your entire enterprise architecture.

PHASE 3 – The primary objective of the assessment phase is to find vulnerabilities on the host assets in your VM subscription.

PHASE 4 – Regardless of the data collection techniques you use, all findings are securely stored in the Cloud Platform, where reporting tools and features allow you to identify the vulnerabilities that pose the greatest risk to your organization, and share these findings with your patch and operational teams.

PHASE 5 – The remediation tools and features built into the VM application help you prioritize detected vulnerabilities and identify the vulnerabilities that have been successfully mitigated.

PHASE 6 – Verify any vulnerabilities that have been patched or fixed. This task is performed automatically every time a scanner appliance, agent or sensor provides new assessment data to the Cloud Platform.

Note: The above information on the VM lifecycle has been taken from the Qualys training site.

To know more about VM or its best practices, please connect with us.

