Scribd Logo
Upload

Welcome to Scribd!

  • Web Security Vulnerabilities Explained

    Uploaded by

    Nadeem Malik
    22 views10 pages
    This document discusses web security and common web vulnerabilities. It defines web security as the security of websites, web applications, and web services. It then lists several common categories of web vulnerabilities, including broken authentication, broken access controls, SQL injection, cross-site scripting, information leakage, and cross-site request forgery. The document also discusses the OWASP top 10 list of web vulnerabilities and provides more details on some specific vulnerabilities like SQL injection and cross-site scripting.

    Original Description:

    web security

    Original Title

    web security

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses web security and common web vulnerabilities. It defines web security as the security of websites, web applications, and web services. It then lists several common categories of web vulnerabilities, including broken authentication, broken access controls, SQL injection, cross-site scripting, information leakage, and cross-site request forgery. The document also discusses the OWASP top 10 list of web vulnerabilities and provides more details on some specific vulnerabilities like SQL injection and cross-site scripting.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    22 views10 pages

    Web Security Vulnerabilities Explained

    Uploaded by

    Nadeem Malik
    This document discusses web security and common web vulnerabilities. It defines web security as the security of websites, web applications, and web services. It then lists several common categories of web vulnerabilities, including broken authentication, broken access controls, SQL injection, cross-site scripting, information leakage, and cross-site request forgery. The document also discusses the OWASP top 10 list of web vulnerabilities and provides more details on some specific vulnerabilities like SQL injection and cross-site scripting.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    WEB SECURITY

    BY:
    CHAITANYA PATHAK
    MD SANJER ALAM UNDER THE
    GUIDANCE OF:
    NADEEM MALIK DR.
    MAINUDDIN
    WEB
    Branch
    SECURITY
    ofInformation Security.
    Deals specifically with security ofwebsites,web
    applicationsandweb services.
    Web applications perform every useful function
    implemented online. Examples:
    Shopping (Amazon)
    Social networking (Facebook)
    Banking (Citibank)
    Web search (Google)
    Auctions (eBay)
    Web mail (Gmail)
    Interactive information (Wikipedia)
    With new class of technology, comes new range
    of security vulnerabilities.
    Most serious attacks those that gain unrestricted
    access to the back-end systems which runs the
    application.
    Some common categories of vulnerability:

    Broken Authentication (62% of all cases)

    Broken Access Controls (71% of all cases)

    SQL Injection (32% of all cases)

    Cross-Site Scripting (94% of all cases)

    Information Leakage (78% of all cases)

    Cross-Site Request Forgery (92% of all cases)


    OWASP TOP 10
    2013
    A1 - Injection
    A2 - Broken Authentication and Session Management
    A3 - Cross-Site Scripting (XSS)
    A4 - Insecure Direct Object References
    A5 - Security Misconfiguration
    A6 - Sensitive Data Exposure
    A7 - Missing Function Level Access Control
    A8 - Cross-Site Request Forgery (CSRF)
    A9 - Using Known Vulnerable Components
    A10 - Unvalidated Redirects and Forwards
    Encompasses various defects within the
    applications login mechanism.

    Enable attackers to guess weak


    passwords, launch a brute-force attack or
    bypass the login.

    Broken Access
    Controls
    Involves cases where the application fails
    to properly protect access to its data and
    functionality.
    SQL Injection
    Enable attackers to submit crafted input
    to interfere with the applications
    interaction with back-end databases.

    Attackers able to retrieve arbitrary data


    from the application, interfere with its logic
    or execute commands on the database
    server itself.

    Cross-Site Scripting
    Enable attackers to target other users of
    the application, gaining access to their
    data, performing unauthorized actions on
    Involves cases where an application
    divulges sensitive information that is of use
    to an attacker in developing an assault
    against the application, through defective
    error handling or other behavior.

    Cross-Site Request
    Forgery
    Application users induced to perform
    unintended actions on the application
    within their privilege level.

    Allows a malicious web site visited by the


    victim user to interact with the application
    References:
    https://
    www.owasp.org/index.php/Category:O
    WASP_Top_Ten_Project

    Web Application Hacker's Handbook by


    Dafydd Stuttard and Marcus Pinto
    THE END

    You might also like