It has become a common occurrence in the news: reports of web sites being compromised, with valuable information lost or stolen, causing businesses to suffer financial losses, incur additional expenses and lose the confidence of their customers. Thus, any site or web application that a company plans to deploy should take steps to guard against potential online threats to its security. The key defenses in this battle are knowledge of the vulnerabilities targeted by online intruders and training of those involved in the development process (analysts, developers and testers) to produce web sites and apps that can correctly respond to the various techniques used to hinder services, cause damage or gain unauthorized access.
What, then, are the most frequent types of attacks that companies are confronting today? According to OWASP, the Open Web Application Security Project, the top 10 types of attacks are:
- SQL Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
In the coming weeks we will take a closer look at these types of intrusion and share methods for dealing with each one.