OWASP Security Standard: What It Means And How It Can Help You

OWASP, or Open Web Application Security Project, is a global non-profit organization. Dedication to web application security is their mantra. OWASP has materials that make it easier for developers to understand how they can improve on the security side of their own web application. These materials can be accessed freely on their very own website (www.owasp.org), also these materials include Presentations, Projects, Video, Books, and Downloads. For example, one of their best-known projects is called the OWASP Top 10, which is a yearly release created by the top experts in the globe in the topic of web application security with their most recent release being 2017. It outlines the top 10 security risks found during the course of the year with new developing technologies. To list, the top 10, from greatest threat to least, include:

Top 10 Greatest Threats

  • Injection
    When untrusted data is sent to an interpreter, this occurs. Attackers use this untrusted data to trick the interpreter into executing unwanted queries.
  • Broken Authentication
    With authentication flaws in the system, an attacker can compromise passwords, keys, or session tokens.
  • Sensitive Data Exposure
    APIs that do not protect sensitive data, such healthcare information. Also, using the same method, attackers can steal payment information and/or commit identity theft.
  • XML External Entities
    External entities can disclose internal files using the file URI handler, and have denial of service attacks.
  • Broken Access Control
    Having no restrictions on access controls is not a good idea. So that, allows Authenticated users to do anything they please. Attackers can exploit the flaws to access unauthorized data.
  • Security Misconfiguration
    Evidently, this is the most common issue, due to insecure default configurations, incomplete configurations, open cloud storage, misconfigured HTTP headers, and error messages containing sensitive information.
  • Cross-Site Scripting
    XSS allows attackers to execute scripts in the victim’s browser to hijack user sessions.
  • Insecure Deserialization
    Leads to remote code execution
  • Using Components with Known Vulnerabilities
    Also, this includes using libraries, frameworks, and modules.
  • Insufficient Logging & Monitoring
    Ineffective integration, which allows attackers to further attack systems.

In conclusion, all this information could mean to a developer is that they know there are experts who are more proficient on the security side of web applications that share their expertise openly on OWASP. The developer can go back and secure their own application to lower the amount of loopholes in their system that attackers can exploit.

«Back to Blogs & Articles


Like the post? Share it:
David Lopez
David Lopez

Motivated and proven developer in both Mobile and Web Development. Developed Web Applications in PHP, JS, HTML, Java, Swift, C#, and Angular. Highly experienced using AWS and proven with a certification for Developer Associate.