Common Web Application Vulnerabilities

Sometimes the easiest way to find vulnerabilities is to look at what has happened in the past. By examining common vulnerabilities that have appeared in other applications, we can learn from previous mistakes.

OWASP

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted.

OWASP has tools, documents, forums, and local chapters all dedicated to the advancement of web application security. All the resources are free and open to anyone interested in improving application security.

OWASP advocates approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all these areas.

If you have not been there, check out the OWASP web site at http://www.owasp.org.

OWASP top 10

OWASP compiled a list of the top 10 vulnerabilities that plague web applications. This list is quickly becoming the de facto list of application vulnerabilities in security circles, and so here it is:

Unvalidated input

Information from web requests is not validated before being used by a web application. Attackers can use these flaws to attack backend components through a web application.
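As an added illustration (not code from the book), the same backend lookup written twice: once splicing a raw request parameter into the query, and once passing it through an allowlist check and a bound parameter. The Express-style request shape and the hypothetical `users` table are assumptions.

```javascript
// Added example, not from the book: a request parameter used by a backend
// lookup, first unvalidated and then validated with a bound parameter.
// Node.js, no external packages. Assumed request shape: { query: { id: '...' } }.
'use strict';

// Unvalidated version: the raw query-string value is spliced straight into
// the SQL text, so whatever the client sent is what the backend executes.
function buildLookupUnsafe(req) {
  const id = req.query.id;
  return { sql: `SELECT name FROM users WHERE id = ${id}`, params: [] };
}

// Validation step: accept only what the application actually expects
// (here a positive integer of at most 10 digits) and reject everything else.
function validateId(raw) {
  if (typeof raw !== 'string' || !/^[1-9][0-9]{0,9}$/.test(raw)) {
    throw new Error('invalid id');
  }
  return Number.parseInt(raw, 10);
}

// Validated version: the checked value travels as a bound parameter, so the
// SQL text is constant no matter what the request contained.
function buildLookupSafe(req) {
  const id = validateId(req.query.id);
  return { sql: 'SELECT name FROM users WHERE id = ?', params: [id] };
}

// Run both builders over one constructed input and return what each would
// hand to the backend (or the rejection reason for the validated path).
function demo(rawId) {
  const req = { query: { id: rawId } };
  const unsafe = buildLookupUnsafe(req);
  let safe;
  try {
    safe = buildLookupSafe(req);
  } catch (e) {
    safe = { rejected: e.message };
  }
  return { unsafe, safe };
}
```

Running `demo('42 extra')` shows the unsafe builder forwarding the text verbatim while the validated path rejects it before any query is built.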

Broken access control

Restrictions on what authenticated users are allowed to do are not properly enforced. Attackers can exploit these flaws to access other users' ...

Get Securing Ajax Applications now with the O’Reilly learning platform.