0% found this document useful (0 votes)
12 views

cybersecurityDoc

Uploaded by

sreeranganadh008
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

OWASP

OWASP is the Open Web Application Security Project, an organization focused on improving the security
of software.

OWASP has the top 10 vulnerabilities. Every three years, the OWASP organization conducts a worldwide
meeting and finds the most famous vulnerabilities.

OWASP Top 10 vulnerabilities :

1. A01:2021-Broken Access Control
2. A02:2021-Cryptographic Failures
3. A03:2021-Injection
4. A04:2021-Insecure Design
5. A05:2021-Security Misconfiguration
6. A06:2021-Vulnerable and Outdated Components
7. A07:2021-Identification and Authentication Failures
8. A08:2021-Software and Data Integrity Failures
9. A09:2021-Security Logging and Monitoring Failures
10. A10:2021-Server-Side Request Forgery (SSRF)

Broken Access Control :

A user can log in with their own credentials and then access and modify another user’s
data.

Cryptographic Failures :

Cryptographic failures lead to the exposure of sensitive data.

Injection :

The attacker sends malicious data as part of a command. When we know the username, we can
apply, for example: [email protected]’--
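The effect of a trailing quote and "--" on a login query, shown as an added example that is not part of the original document: the same input is passed to a string-concatenated query and to a parameterized one. The table layout, the account alice@example.com and its password are constructed for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # The password is stored in plain text only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice@example.com', 's3cret-pw')")
    return db

def login_vulnerable(db, username, password):
    # Weak form: input is concatenated into the SQL text. A quote in the
    # username closes the string literal, and "--" turns the password
    # check that follows into a comment.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, username, password):
    # Hardened form: "?" placeholders bind the input as values, so quotes
    # and "--" are compared literally and never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "alice@example.com'--"  # constructed: known username, quote, comment marker
    for name, fn in (("concatenated", login_vulnerable),
                     ("parameterized", login_safe)):
        print(name, "crafted username, wrong password ->", fn(db, crafted, "wrong"))
        print(name, "correct credentials ->", fn(db, "alice@example.com", "s3cret-pw"))
```

The concatenated query accepts the login without the password, while the parameterized query rejects it and still accepts the correct credentials.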

Insecure design :

Insecure design is when all the vulnerabilities are present in one piece of software.

Security Misconfiguration :

These misconfigurations can occur at any level of an application stack, including the web
server, database, platform, frameworks, or application itself.

Vulnerable and Outdated Components :

It occurs when the software versions used in development are too old.

Identification and Authentication Failures :

Successfully logging into the device after taking so many items.


Software and Data Integrity Failures :

These failures occur when an application fails to protect against unauthorized alterations of its
software or data. This could happen during the development, deployment, or runtime of an
application. If an attacker can alter the software or data without detection, it can lead to serious
security breaches, including the introduction of malicious code or the corruption of important data.

Security Logging and Monitoring Failures :

Your logging system is set up, but it only logs basic information like successful logins and
completed transactions. It doesn’t log failed login attempts, changes to user profiles, or suspicious
activity like unusually large purchases.

Server-Side Request Forgery (SSRF) :

The attacker manipulates a server into making unauthorized requests to internal or external resources.

Burp Suite
Burp Suite is a powerful software testing tool for finding and exploiting security
vulnerabilities.

Components in Burp Suite :

Proxy: The proxy is the intermediary between the browser and the target application.

Intruder: A powerful tool for automating customized attacks, such as fuzzing or brute-forcing
credentials.
