If you are responsible for the development, security, or operation of a web application, becoming familiar with the OWASP Top 10 is a critical step toward protecting that app.
We have taken it one step further. OWASP Top 10, and Beyond.
Injection, the root cause of 71% of web app breaches, is a common class of vulnerability where insufficiently sanitized input provided by external sources contains hidden application commands from an attacker. Because the web application is not properly filtering the input, it allows injected commands to be passed through to either the local system or a dependent one.
Accurately knowing who a user is (authentication) and what they are allowed to do (authorization) are foundational concepts of security that complement each other. Authentication mechanisms, typically passwords, are among the most targeted, through phishing, brute force, credential stuffing and other attacks.
Sensitive data exposure is an information leakage problem. The sensitivity of what is leaked can vary, but divulging any information about how a web application is designed (error messages, file paths, etc.) to an attacker is a bad idea. This kind of information is low-hanging fruit for automated scanners and ripe for exploitation.
In this webinar you will learn: