Web application attacks are now the most frequent pattern in confirmed breaches (2018 Verizon Data Breach Investigations Report). Yet many organizations struggle to implement an application security program because they simply don’t know where to start. Setting policies based on eliminating OWASP Top 10 vulnerabilities is an excellent starting point – these vulnerabilities are widely accepted as the most likely to be exploited, and remediating them will greatly decrease your risk of breach. For more details, see The Ultimate Guide to Getting Started with Application Security.
Our research reveals that applications continue to fail OWASP Top 10 policy (see chart above), even though these security vulnerabilities are easy to find and fix. One reason for this disconnect is that developers are not well trained in cybersecurity and secure coding practices. Security teams also have misconceptions around what application security is, and is not. A one-time scan or pen test of a handful of business-critical apps is not effective application security. A program that continuously assesses the applications an organization builds, buys or assembles — from inception to production — is effective application security. Find out more about application security misconceptions with our Application Security Fallacies and Realities guide.
The following identifies each of the OWASP Top 10 Web Application Security Risks, and offers solutions and best practices to prevent or remediate them.
1. Injection
2. Broken Authentication and Session Management
3. Sensitive Data Exposure
4. XML External Entity
5. Broken Access Control
6. Security Misconfiguration
7. Cross-Site Scripting
8. Insecure deserialization
9. Using Components With Known Vulnerabilities
10. Insufficient Logging and Monitoring
For more information, visit OWASP.