Application security is the most critical point for any business regardless of its sphere. Even if you are not a security tester, it is useful to know the most common vulnerabilities and security problems an application can have. Moreover, it is vital to be able to prevent or deal with them.
Open Web Application Security Project (OWASP) is an open project to ensure web applications security. The organization is not affiliated with any company involved in the software development and supports the thoughtful use of security technologies.
TOP 10 most significant vulnerabilities
- A1 – Injection
- A2 – Broken Authentication and Session Management
- A3 – Cross-Site Scripting (XSS)
- A4 – Insecure Direct Object References
- A5 – Security Misconfiguration
- A6 – Sensitive Data Exposure
- A7 – Missing Function Level Access Control
- A8 – Cross-Site Request Forgery (CSRF)
- A9 – Using Components with Known Vulnerabilities
- A10 – Unvalidated Redirects and Forwards
OWASP has compiled a comprehensive Top Ten list that contains the most dangerous Web application vulnerabilities and provides recommendations for handling those flaws. Here’s list of 10 most critical vulnerabilities.
The purpose of the Top Ten list is to increase the awareness of application security by determining the most critical risks to organizations. The Top Ten list refers to the set of standards, tools and organizations, including MITRE, PCI DSS, DISA, FTC, and many others.