This document summarizes topics related to web application security. It discusses what security and computer security are, defines web application security, and introduces the OWASP Top 10 list of vulnerabilities. The list includes injection, broken authentication, sensitive data exposure, XML external entities, broken access control, security misconfiguration, cross-site scripting, insecure deserialization, use of vulnerable components, and insufficient logging and monitoring. The document also covers some vulnerabilities specific to React applications, such as XSS issues via dangerouslySetInnerHTML and attacker-controlled props.
What is Computer Security
Computer security, cybersecurity or information technology security
(IT security) is the protection of computer systems from theft or damage
to their hardware, software or electronic data,
as well as from disruption or misdirection of the services they provide.
Web application security
Web application security is a branch of information security that deals
specifically with security of websites, web applications and web services.
At a high level, web application security draws on the principles
of application security but applies them specifically to internet
and web systems.
React Vulnerability
ReactJS is quite safe by design, since:
● String variables in views are escaped automatically
● With JSX you pass a function as the event handler, rather than a string that can contain malicious code
But …
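
The automatic escaping described above, and the two ways around it named in the summary (dangerouslySetInnerHTML and attacker-controlled props), shown as an added example that is not from the original slides. `render` is a simplified stand-in for React's renderer, `pickProps` is a hypothetical helper, and the inputs are constructed samples.

```javascript
// Simplified model of rendering an element to HTML (an assumption, not React's code).
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
const escapeHtml = (s) => String(s).replace(/[&<>"']/g, (c) => ESC[c]);

// el is a string or { type, props, children }.
function render(el) {
  if (typeof el === 'string') return escapeHtml(el); // text children are always escaped
  const { type, props = {}, children = [] } = el;
  const attrs = Object.entries(props)
    .filter(([k]) => k !== 'dangerouslySetInnerHTML')
    .map(([k, v]) => ` ${k}="${escapeHtml(v)}"`)
    .join('');
  // The opt-out: markup under __html is inserted without escaping.
  const raw = props.dangerouslySetInnerHTML;
  const inner = raw ? raw.__html : [].concat(children).map(render).join('');
  return `<${type}${attrs}>${inner}</${type}>`;
}

// Defence for attacker-controlled props: copy only allowlisted string-valued
// keys instead of spreading an untrusted object into the element.
function pickProps(untrusted, allowed) {
  const out = {};
  for (const k of allowed) {
    const own = Object.prototype.hasOwnProperty.call(untrusted, k);
    if (own && typeof untrusted[k] === 'string') out[k] = untrusted[k];
  }
  return out;
}

// Constructed sample input: a user comment and a user-supplied JSON profile.
const comment = '<script>alert(1)</script>';
const profile = JSON.parse(
  '{"title":"hi","dangerouslySetInnerHTML":{"__html":"<script>alert(1)</script>"}}'
);

// 1. String in a view: escaped, so the markup is displayed as text.
const escaped = render({ type: 'p', children: comment });
// 2. Untrusted object spread into props: the __html key rides along unescaped.
const unsafeSpread = render({ type: 'div', props: { ...profile } });
// 3. Same object through the allowlist: only "title" survives.
const safeSpread = render({ type: 'div', props: pickProps(profile, ['title']) });

console.log(escaped);
console.log(unsafeSpread);
console.log(safeSpread);
```
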