The goal of phase 2 is to run a range of security tools that perform static and dynamic code analysis to identify vulnerabilities in the IIoT application code. Before we dive into the tools, here is a recap of the top vulnerabilities, as defined by OWASP, given for reference:
- Injection issues: These happen when an attacker adds additional query parameters to an API query and the application treats that input as part of the query. Issues such as SQL injection and LDAP injection fall into this category.
- Cross-site scripting (XSS): XSS occurs when an attacker is able to execute scripts in the end user's browser, which can hijack user sessions, among other things.
- Broken authentication ...
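
The injection item in the list above, shown as an added example (not code from the original text): a query built by string concatenation beside its parameterized form. The telemetry table, device names and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data: a tiny telemetry store behind a hypothetical IIoT API.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE readings (device_id TEXT, sensor TEXT, value REAL)")
    db.executemany(
        "INSERT INTO readings VALUES (?, ?, ?)",
        [("pump-01", "pressure", 4.2),
         ("pump-01", "temp", 61.0),
         ("valve-07", "flow", 12.5),
         ("plc-03", "voltage", 23.9)],
    )
    return db

def readings_concatenated(db, device_id):
    # Weak form: the API parameter is pasted into the SQL text, so quote
    # characters in it become part of the query's syntax.
    sql = ("SELECT device_id, sensor, value FROM readings "
           "WHERE device_id = '" + device_id + "'")
    return db.execute(sql).fetchall()

def readings_parameterized(db, device_id):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    sql = "SELECT device_id, sensor, value FROM readings WHERE device_id = ?"
    return db.execute(sql, (device_id,)).fetchall()

def compare(device_id):
    # Row counts returned by each form for the same API parameter.
    db = make_db()
    return (len(readings_concatenated(db, device_id)),
            len(readings_parameterized(db, device_id)))

if __name__ == "__main__":
    # A normal request, then a constructed one carrying an extra condition.
    for param in ("pump-01", "pump-01' OR '1'='1"):
        concat_rows, bound_rows = compare(param)
        print(f"{param!r}: concatenated={concat_rows} rows, "
              f"parameterized={bound_rows} rows")
```

The difference in row counts for the second input is the signal that static analysis tools look for at the source level: query text assembled from request data instead of bound parameters.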