Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Top 20 OWASP vulnerabilities & how to fix them - Infographic


Published on

Top 20 OWASP vulnerabilities and how to fix them pt1 - Infographic

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Top 20 OWASP vulnerabilities & how to fix them - Infographic

  1. 1. OWASP VULNERABILITIES [AND HOW TO FIX THEM ] SQL -I INJECTION PROBLEM SQL Injection may result in data loss or corruption, lack of accountability, or denial of access. Injection can sometimes lead to complete host takeover. CROSS SITE :2 (XSS) SCRIRTINO PROBLEM XSS vulnerabilities can allow attackers to capture user information and/ or inject HTML code into the vulnerable web application. INFORMATION 5; LEAKAGE PROBLEM Leakage of system data or debugging infonnation through an output stream or logging function can allow attackers to gain knowledge about the application and craft specialized attacks on the it. FRAME ll INJECTION PROBLEM Improper validation of input parameters could lead to attackers injecting frames to compromise confidential user information. Frame injection is a common method employed in phishing attacks. URL :5 REDIRECTION PROBLEM While it's common for web applications to redirect or forward users to other websites/ pages, attackers commonly exploit vulnerable applications without proper redirect validation in place. This can lead to malicious redirection to an untrusted page. MISSING 6 SESSION TIMEOUT PROBLEM Attackers may gain unauthorized access to web applications if inactivity timeouts are not configured correctly. SENSITIVE INFORMATION 7 PASSED AS CLEAR TEXT IN GET URL PROBLEM Web applications using GET requests to pass information via the query string are doing so in clear-text. This makes any sensitive information passed with GET visible in browser history and server logs. SESSION ID COOKIES E3 NOT MARKED SECURE PROBLEM If session ID cookies for a web application are marked as secure, the browser will not transmit them over an unencrypted HTTP re- quest. Not marking them as such allows cookies to be accessible and viewable in by attackers in clear text. CROSS FRAME E) SCRIRTING (XFS) PROBLEM XFS exploits are used in conjunction with XSS to direct browsers to a web page controlled by attackers. In these cases, the malicious page loads a third-party page in an HTML frame. Scripts on the attacker's page are then able to steal data from the third-party page, unbeknownst to the user. SENSITIVE INFORMATION -| 0 DISPLAYED AS CLEAR TEXT ON SCREEN PROBLEM Sensifive information (e. g., passwords, credit card information) should not be displayed as clear text on the screen. In addition to shoulder surfing attacks, sensitive data stored as clear text often finds its away into client-side caches—which can be easily stolen if discovered. ' ScriptROck scriptrock. com | @ScriptRock