OWASP TOP 10 Explained



Hello World!

Through this write-up, I’ll try to educate you about OWASP and the OWASP top 10 Vulnerabilities for Web Applications.


What is OWASP?

OWASP stands for Open Web Application Security Project.


What does OWASP do?

The Internet has connected almost everything to the online world. From making a call to sending messages, making payments, sharing stories, creating groups, starting a thread on any topic, and hearing opinions from people across the globe, and what not! The Internet has made the world a very small place, it seems!

Now, when you’re spending so much of your time on the internet, it's obvious that your data goes online wherever you sign up. As a citizen of the modern world, every person connected to the internet must know that their data is both their ultimate strength and their ultimate weakness. In the wrong hands, your data can be used in ways you cannot imagine in your wildest dreams! Moreover, the recent data breaches and cyber-attacks are a perfect example of how valuable your data is!

That’s where organizations like OWASP come into the picture!

OWASP works to make the internet a safer place by building open-source, community-driven projects and by conducting hundreds of cybersecurity conferences worldwide through its hundreds of chapters and thousands of members from different parts of the world.


What is OWASP TOP 10?

Over the years since its establishment, the OWASP Foundation has identified the 10 most common vulnerabilities found in the web applications present on the internet. The OWASP Top 10 Vulnerabilities are as follows:


A1: INJECTION

Of all the bugs known, the Injection category surely tops the list. This includes bugs like SQL Injection, NoSQL Injection, LDAP Injection, OS Command Injection, and similar bugs.

Injection bugs take advantage of the fact that a web application sometimes accepts untrusted input and passes it to the server as part of a command or query; the server executes it and returns sensitive information.

Just imagine there’s an input field where you are supposed to search for an item on the website, and instead you enter a Linux OS command such as cat /etc/passwd. If the command is not validated and is passed directly to the server for processing, you’ll be able to see the list of users! Another example is submitting an SQL query that returns user credentials or even credit card information! That’s how Injection bugs work.
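The SQL case above, as an added example that is not part of the original post: a search function that pastes the term into the query text beside the same search written as a parameterised query. The catalogue table and the inputs are constructed for the demo; the point is that a parameter can only ever be compared as a value, so the quote characters that rewrite the vulnerable query are inert in the safe one. The same principle covers the OS command case: pass an argument list to the process instead of building a shell string.

```python
import sqlite3

# Constructed in-memory catalogue standing in for the web application's database.
def make_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, cost REAL)")
    conn.executemany(
        "INSERT INTO products (name, cost) VALUES (?, ?)",
        [("keyboard", 12.5), ("mouse", 7.0), ("monitor", 110.0)],
    )
    return conn

def search_vulnerable(conn, term):
    # The search term is pasted into the SQL text, so quotes in it change the
    # structure of the query instead of being compared as data.
    sql = "SELECT name FROM products WHERE name = '" + term + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, term):
    # Parameterised query: the driver passes the term separately from the SQL,
    # so it can only ever be a value, whatever characters it contains.
    rows = conn.execute("SELECT name FROM products WHERE name = ? ORDER BY id", (term,))
    return [row[0] for row in rows]

# Constructed inputs: an ordinary search, and the textbook tautology that turns
# the vulnerable WHERE clause into "name = '' OR '1'='1'", matching every row.
NORMAL_INPUT = "mouse"
TAUTOLOGY_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_demo_db()
    print("vulnerable, tautology:", search_vulnerable(db, TAUTOLOGY_INPUT))
    print("safe, tautology:      ", search_safe(db, TAUTOLOGY_INPUT))
```

Run it and the vulnerable search returns the whole table for the tautology input while the parameterised search returns nothing, because no product is literally named `' OR '1'='1`.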


A2: Broken Authentication and Session Management

Authentication functionality in any web application verifies the genuineness of a user. How about someone verifying your genuineness on your behalf? Are you going to like that? Of course not! The Broken Authentication category includes bugs such as session-related bugs, authentication bypass, etc.

If such issues exist, they are a serious concern for user privacy and data security! Also, sessions that are not invalidated after a password reset or logout can lead to data compromise. This is how Broken Authentication and Session Management bugs work.
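An added example (not code from the original post) of the session handling this section asks for: a server-side session table whose tokens come from a CSPRNG, expire, are destroyed on logout, and are all revoked when the user's password changes. The store and timestamps are constructed; a real application would keep the table in a database or cache rather than a dict.

```python
import secrets
import time

class SessionStore:
    """Constructed server-side session table: token -> {user, expires}."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._sessions = {}

    def login(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG: not guessable
        self._sessions[token] = {"user": user, "expires": now + self.ttl}
        return token

    def user_for(self, token, now=None):
        # Resolve a token to a user; expired tokens are dropped on sight.
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None or entry["expires"] <= now:
            self._sessions.pop(token, None)
            return None
        return entry["user"]

    def logout(self, token):
        # Invalidate on the server. Clearing the browser cookie alone would leave
        # the token usable by anyone who captured it.
        self._sessions.pop(token, None)

    def password_changed(self, user):
        # Revoke every session of this user so a stolen token dies with the old
        # password. Returns how many sessions were revoked.
        stale = [t for t, e in self._sessions.items() if e["user"] == user]
        for t in stale:
            del self._sessions[t]
        return len(stale)
```

The `now` parameter exists only so the expiry logic can be exercised deterministically; production code would leave it at the default.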


A3: Sensitive Data Exposure

What would happen if the file containing usernames and passwords were made publicly available on the website? What would happen if API keys were leaked in JS files, or Exif geolocation data were not removed from images? All of these are sensitive pieces of information about either a person or a website. Sensitive Data Exposure includes vulnerabilities such as disclosure of secrets, token leakage via the Referer header, sensitive tokens in URLs, etc.
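Two of the exposures named above can be caught before release with a simple scan. The following is an added example, not code from the original post: a first-pass regex check for credential-looking assignments in JavaScript source, and a check for sensitive names in a URL's query string (a token in a URL ends up in browser history and in the Referer header sent to any third-party site linked from the page). The sample script and URL are constructed; the pattern list is an assumption and deliberately generic, not a complete secret-scanning tool.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Credential-looking assignments such as apiKey = "..." or "secret": '...'.
# Assumption: a generic first-pass pattern, not an exhaustive list.
SECRET_ASSIGNMENT = re.compile(
    r"""(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*["']([^"']{8,})["']"""
)

# Query-string names that should never carry sensitive values in a URL.
SENSITIVE_PARAMS = {"token", "access_token", "api_key", "session", "sessionid", "password"}

def find_secrets_in_source(text):
    """Return (variable name, value) pairs that look like hard-coded secrets."""
    return [(m.group(1), m.group(2)) for m in SECRET_ASSIGNMENT.finditer(text)]

def sensitive_params_in_url(url):
    """Return the sensitive query-parameter names found in a URL, sorted."""
    params = parse_qs(urlsplit(url).query)
    return sorted(name for name in params if name.lower() in SENSITIVE_PARAMS)

# Constructed sample script; the key value is a placeholder, not a real credential.
SAMPLE_JS = '''
const endpoint = "https://api.example.test/v1";
var apiKey = "CONSTRUCTED-SAMPLE-KEY-123456";
const theme = "dark";
'''
SAMPLE_URL = "https://app.example.test/reset?token=abc123def&lang=en"
```

Such a check fits naturally in a pre-commit hook or CI step, where a hit blocks the release rather than waiting for someone to read the deployed JavaScript.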


A4: XML-External Entities (XXE)

XML is often used for storing and transmitting data. XXE occurs when certain sensitive features of XML parsers, such as the processing of external entity declarations, which can be abused to an attacker’s advantage, are left enabled. The parser then accepts malicious input, processes it, and returns sensitive information. It’s a very rare vulnerability nowadays.
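The usual mitigation is to leave the parser unable to process a DTD at all. As an added example (not code from the original post), the function below refuses any document carrying a DOCTYPE before it reaches Python's standard ElementTree parser; entity declarations, external ones included, can only live inside a DOCTYPE, so rejecting it removes the whole class. The assumption is that the application never legitimately needs DTDs, which is true of almost every API payload. The two documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

DOCTYPE_RE = re.compile(r"<!DOCTYPE", re.IGNORECASE)

def parse_untrusted_xml(data):
    """Parse XML from an untrusted source, refusing any document with a DTD."""
    # Entity declarations can only appear inside a DOCTYPE, so refusing the
    # DOCTYPE up front means the parser never sees an entity to expand.
    if DOCTYPE_RE.search(data):
        raise ValueError("DOCTYPE declarations are not accepted")
    return ET.fromstring(data)

def accepts(data):
    """True if parse_untrusted_xml accepts the document, False if it refuses it."""
    try:
        parse_untrusted_xml(data)
    except ValueError:
        return False
    return True

# Constructed inputs: an ordinary payload, and one that declares an entity.
SAFE_DOC = "<order><item>keyboard</item></order>"
DTD_DOC = ('<?xml version="1.0"?>'
           '<!DOCTYPE order [<!ENTITY greeting "hello">]>'
           "<order>&greeting;</order>")
```

For a fuller treatment in Python (entity expansion limits as well), the `defusedxml` package wraps the standard parsers with these protections built in.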


A5: Broken Access Controls

There must be some secrets in your life that you would not want anyone to know, and that must be limited to you alone. Similarly, there are certain resources of a website which should only be accessed by the admin or the owner of that website. When we talk about Broken Access Control bugs, we’re talking about permissions, privileges, etc. The permissions for sensitive data access must be properly defined, and the user roles must be properly defined as well. If this is not done, a low-privileged user would be able to access sensitive information. This category includes bugs like SSRF, User Enumeration, IDOR, etc.
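An added example (not code from the original post) of the IDOR case: a lookup that only checks that the caller is logged in, beside one that also checks that the caller owns the record or is an admin. The users and invoice store are constructed. One detail worth copying: the hardened version raises the same error for a forbidden id as for a non-existent one, so the response does not tell a caller which ids exist, which is the user-enumeration problem this section also names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    role: str   # "user" or "admin"

class NotFound(Exception):
    """Raised for unknown and forbidden ids alike, so the response does not reveal which ids exist."""

# Constructed store: invoice id -> (owner, amount)
INVOICES = {101: ("alice", 40.0), 102: ("bob", 99.0)}

def get_invoice_vulnerable(requester, invoice_id):
    # Being logged in is the only check, so any user can walk the id space (IDOR).
    return INVOICES[invoice_id]

def get_invoice(requester, invoice_id):
    # Object-level authorisation: the record is returned only to its owner or an admin.
    record = INVOICES.get(invoice_id)
    if record is None:
        raise NotFound(invoice_id)
    owner, amount = record
    if requester.role != "admin" and requester.name != owner:
        raise NotFound(invoice_id)   # deliberately the same error as an unknown id
    return owner, amount

def can_access(requester, invoice_id):
    """True if get_invoice would return the record to this requester."""
    try:
        get_invoice(requester, invoice_id)
    except NotFound:
        return False
    return True
```

The check lives next to the data access rather than in the route handler, so every code path that reaches the record goes through it.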


A6: Security Misconfiguration

Security Misconfigurations are the most common bugs found on web apps. This category includes missing HTTP security headers, default credentials, email spoofing bugs, OAuth misconfiguration, etc. These bugs can range from low severity to high severity. Also, if a CMS or framework is used, it should be regularly patched.


A7: Cross-Site Scripting

Commonly known as XSS, Cross-Site Scripting occurs when a user can inject malicious JavaScript code into input fields and the input is not validated or encoded properly. Sometimes the malicious script is stored on the server side as well, which can affect the whole website. XSS is of 3 types: Reflected, Stored, and DOM-based.
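The reflected case, as an added example that is not code from the original post: a page fragment that echoes the search term raw, beside one that encodes it for the HTML context it lands in. It also shows why encoding alone is not enough for `href` attributes, where the URL scheme must be allow-listed as well. Rendering functions and the sample input are constructed; a real application would get the same effect from its template engine's auto-escaping.

```python
from html import escape
from urllib.parse import urlsplit

def render_results_vulnerable(term):
    # The search term is dropped into the page as-is, so any markup or <script>
    # in it becomes part of the document the browser executes.
    return f"<h1>Results for {term}</h1>"

def render_results(term):
    # Output encoding for an HTML body context; quote=True also makes the value
    # safe inside a double- or single-quoted attribute.
    return f"<h1>Results for {escape(term, quote=True)}</h1>"

def safe_href(url):
    # Encoding alone does not make a URL safe in href: a javascript: URL survives
    # escaping untouched. Allow only http(s) or relative URLs, then encode.
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("", "http", "https"):
        return "#"
    return escape(url, quote=True)

# Constructed input: a script tag with an empty body.
SAMPLE_INPUT = "<script>/* constructed */</script>"
```

The encoded output still displays the user's text exactly as typed; it simply arrives at the browser as text rather than as markup.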


A8: Insecure Deserialization

Serialization is the process of converting data objects into a serial format so that they can be stored on the server side or transmitted, whereas deserialization converts that serial format back into data objects. An insecure deserialization bug occurs when the deserialization function trusts malicious input and processes it. This can lead to attacks such as remote code execution, denial of service, privilege escalation, etc.
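An added example (not code from the original post) of what "trusting the input" means in Python, where `pickle` streams can name any importable class or function for the loader to resolve. The block restricts the loader to an allowlist of plain built-in types, following the pattern in the Python documentation, and beside it shows the preferred route: a data-only format (JSON) plus a check that the decoded object has the expected shape. The session payloads are constructed, and `json.loads` is used only as a harmless stand-in for any non-builtin reference the restricted loader would refuse.

```python
import builtins
import io
import json
import pickle

# The only globals a pickle stream may reference: plain data types. Assumption:
# the application's serialised objects never need anything else.
SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                 "str", "int", "float", "bool", "bytes"}

class RestrictedUnpickler(pickle.Unpickler):
    # find_class is called whenever the stream names a module-level object;
    # refusing here stops anything outside the allowlist from being resolved,
    # let alone instantiated or called.
    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def restricted_loads(data):
    """Unpickle bytes, allowing only plain built-in data types."""
    return RestrictedUnpickler(io.BytesIO(data)).load()

def is_refused(data):
    """True if the restricted loader rejects the stream."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False

def loads_session_json(data):
    # Preferred route: JSON cannot name a class or function, so there is nothing
    # for the parser to execute; a shape check then rejects unexpected documents.
    obj = json.loads(data)
    if not (isinstance(obj, dict) and set(obj) == {"user", "items"}
            and isinstance(obj["user"], str) and isinstance(obj["items"], list)):
        raise ValueError("unexpected session shape")
    return obj

# Constructed streams: a plain session dict, and a stream that references a
# function outside the allowlist (json.loads is a harmless stand-in here; any
# non-builtin reference is refused the same way).
SAFE_STREAM = pickle.dumps({"user": "alice", "items": [1, 2]})
FORBIDDEN_STREAM = pickle.dumps(json.loads)
```

The allowlist approach is a backstop for code that cannot drop `pickle`; where the format is still a choice, JSON with validation removes the problem rather than containing it.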


A9: Using Components with known vulnerabilities

This category includes known CVEs, and libraries, plugins, and frameworks that already have vulnerabilities discovered in them. If such components are used in a web app, they can be easily exploited and abused to an attacker’s advantage.

For example, using an older version of the WordPress CMS can lead to user enumeration, and using older versions of Struts can lead to Apache Struts RCE.


A10: Insufficient Logging and Monitoring

Proper logging and monitoring can help to avert a lot of serious threats to a system. Suppose an attacker is performing a brute-force attack: if it is monitored properly, the attacker’s IP address can be blocked or the account can be locked, thus preventing the system from being compromised. Therefore, strict logging and monitoring must be implemented to ensure the safety of systems, as prevention is better than cure.
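The brute-force scenario above, as an added example that is not code from the original post: a detector that reads authentication log lines and raises an alert for any source IP that accumulates a threshold of failures inside a sliding time window, which is the signal a lockout or IP block would act on. The log format, the sample lines (using documentation IP ranges) and the threshold are constructed assumptions; a real deployment would adapt the regex to its own log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> auth <FAIL|OK> user=<name> ip=<addr>"
LOG_RE = re.compile(r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: timestamp of the failure that first reached `threshold` failures within `window`}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                # unrelated or malformed line
        if m["result"] == "OK":
            # A success is not treated as a reset: a success right after a burst
            # of failures is the event a responder most wants to see.
            continue
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]
        failures = recent[ip]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()      # slide the window forward
        if len(failures) >= threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts

# Constructed sample: one address hammering a single account, one with two
# isolated failures minutes apart.
SAMPLE_LOG = """
2024-05-01T10:00:00 auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:05 auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:09 auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:14 auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:20 auth FAIL user=alice ip=203.0.113.7
2024-05-01T10:00:25 auth OK user=alice ip=203.0.113.7
2024-05-01T10:00:30 auth FAIL user=bob ip=198.51.100.9
2024-05-01T10:03:00 auth FAIL user=bob ip=198.51.100.9
"""

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(f"ALERT {ip}: threshold reached at {when.isoformat()}")
```

Note what the detector needs from the application: every authentication attempt logged with its outcome, source address and a precise timestamp. Without that record there is nothing to monitor, which is the real point of this category.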


To conclude, we can say that the majority of these issues arise when arbitrary input is trusted, so every website should be built on the principle that no input is trusted: input must be properly validated, and output properly encoded, to avoid attacks.




LinkedIn:  Bhavak Kotak

Instagram: bhavak_29

:NOTE:

All the images belong to their respective owners.

Your valuable comments and suggestions are always welcome...
