OWASP Top 10: Exploring Web Application Security Threats and Solutions

Added on  2022/09/18

Running head: OWASP TOP 10
OWASP TOP 10
Name of the Student
Name of the University
Author note
Executive Summary
Security is a major concern for web-based applications. It ensures that an application can protect its data while continuing to function as intended. Today every company wants to secure its web applications so that its data is protected. OWASP is dedicated to improving the security of web applications of all kinds. This report discusses the OWASP Top 10 in detail.
Table of Contents
Introduction
Definition of OWASP Top 10
Importance of OWASP Top 10
What the OWASP Top 10 means for web servers
How to perform the testing
Conclusion
References
Introduction
The Open Web Application Security Project (OWASP) is an international non-profit organisation dedicated to web application security (Wibowo, 2019). A core principle of OWASP is that all of its material is free of charge and easily accessible from its website, which helps companies build secure web applications. It provides documentation, tools, videos and forums. Its best-known project is the OWASP Top Ten.
This report first discusses the definition of the OWASP Top 10 (Malik, 2020), then its importance, then what the OWASP Top 10 means for web servers and the developers who run them, and finally how the OWASP Top 10 risks can be tested for.
Definition of OWASP Top 10
The OWASP Top 10 is a list of the ten most critical web application security risks, together with effective methods for addressing each of them. The report covers the following categories, using the names from the 2013 edition of the list:
Injection
An injection attack happens when untrusted data is sent to an interpreter as part of a command or query, through a form field or any other input the web application accepts (Mezei, Guimaraes & Chen, 2020). The attacker injects malicious content into a vulnerable field. A Positive Technologies study is cited as finding SQL injection the most common attack on web applications (27%). Injection becomes possible when an application fails to restrict, or to separate from the query, the user input it receives. Malicious code injected through such a field can read sensitive information or even gain administrator rights.
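The following is an added example, not code from the report or from OWASP, showing the injection point described above and the parameterised query that closes it. The user table, the two accounts and the payloads are constructed for the demonstration; passwords are kept in clear text here only so that the SQL injection point is isolated.

```python
import sqlite3

# Constructed sample data (not from the report): an in-memory user table.
# Passwords are stored in clear text here only so that the SQL injection
# point is isolated; real applications must hash them.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "battery staple", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # BAD: the input is pasted into the SQL text, so the interpreter cannot
    # distinguish the attacker's quotes and keywords from the query itself.
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchone()  # (username, role) or None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # GOOD: a parameterised query. The values travel separately from the
    # statement, so a quote in the input is just another character.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Two classic authentication-bypass payloads.
PASSWORD_PAYLOAD = "' OR '1'='1"   # turns the WHERE clause into a tautology
USERNAME_PAYLOAD = "alice'--"      # comments out the password check entirely


if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, "nobody", PASSWORD_PAYLOAD))  # ('alice', 'admin')
    print(login_vulnerable(conn, USERNAME_PAYLOAD, "wrong"))   # ('alice', 'admin')
    print(login_safe(conn, "nobody", PASSWORD_PAYLOAD))        # None
    print(login_safe(conn, USERNAME_PAYLOAD, "wrong"))         # None
```

With the vulnerable function, either payload logs the attacker in as the first user in the table, who happens to be the administrator; the parameterised version treats the same strings as literal credentials and finds no match.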
Broken authentication and session management
Application functions related to authentication and session management are frequently implemented incorrectly (Hosizah, 2020). This allows attackers to compromise passwords, keys or session tokens and so take over other users' accounts.
Sensitive data exposure
This arises from weak or incorrectly implemented cryptography and from the use of insecure protocols (Wibowo, 2019). Using indirect indicators and side channels, attackers may be able to infer details of the encryption in use and recover protected data.
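As an added example covering the two categories above (not code from the report), the block below contrasts an unsalted fast hash with salted PBKDF2 for stored passwords, and sequential session ids with random ones that expire. The iteration count, the 15-minute idle timeout and the sample passwords are assumptions chosen for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
import time

# Assumed parameters (not from the report): PBKDF2-HMAC-SHA256 with a
# 16-byte random salt per user and a 15-minute idle timeout for sessions.
PBKDF2_ITERATIONS = 200_000
SESSION_TTL_SECONDS = 15 * 60


def legacy_hash(password: str) -> str:
    # BAD: unsalted, fast hash. Equal passwords give equal hashes, so a leaked
    # table can be attacked with precomputed (rainbow) tables.
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    # GOOD: per-user random salt and a slow, iterated derivation.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def weak_session_id(counter: int) -> str:
    # BAD: sequential ids; an attacker who sees their own id can guess others.
    return f"sess-{counter:08d}"


class SessionStore:
    """In-memory sessions with unguessable ids, idle expiry and explicit logout."""

    def __init__(self, ttl: int = SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be tested

    def create(self, username: str) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[sid] = (username, self._clock())
        return sid

    def lookup(self, sid: str):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, last_seen = entry
        if self._clock() - last_seen > self._ttl:
            del self._sessions[sid]  # expired: treat as logged out
            return None
        self._sessions[sid] = (username, self._clock())  # sliding idle timeout
        return username

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)
```

Two users with the same password get different PBKDF2 records, so a leaked table reveals nothing about shared passwords, while the MD5 records are identical. The session ids cannot be predicted from one another, and an id that has been idle past the timeout, or explicitly destroyed, no longer authenticates anyone.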
Cross site scripting
Cross site scripting (XSS) occurs when an application takes untrusted data and sends it to a web browser without proper validation or escaping (Mezei, Guimaraes & Chen, 2020). This lets the attacker execute scripts in the victim's browser.
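The block below is an added example (not code from the report) of the missing step the paragraph describes: output escaping for the HTML text and attribute contexts, plus a scheme check for links, since escaping alone does not stop a javascript: URL. The payloads and the allowed-scheme list are constructed for the demonstration.

```python
import html
from urllib.parse import urlsplit

# Assumed policy for this demo: only plain web links are allowed in href.
ALLOWED_SCHEMES = {"http", "https"}


def render_greeting_vulnerable(name: str) -> str:
    # BAD: untrusted input dropped straight into the HTML body.
    return "<p>Hello, %s!</p>" % name


def render_greeting_safe(name: str) -> str:
    # GOOD: escape for the HTML text context; <, >, & and quotes become entities.
    return "<p>Hello, %s!</p>" % html.escape(name)


def safe_href(url: str) -> str:
    # Escaping is not enough inside href: "javascript:alert(1)" contains
    # nothing to escape. Restrict the scheme first, then escape for the
    # attribute context (quote=True turns " into &quot;).
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return html.escape(url, quote=True)
    # Same-site relative path: a single leading slash. "//" and "/\" are
    # rejected because browsers treat them as protocol-relative URLs.
    if scheme == "" and url.startswith("/") and url[1:2] not in ("/", "\\"):
        return html.escape(url, quote=True)
    return "#"  # neutralise anything else


def render_link_safe(url: str, label: str) -> str:
    return '<a href="%s">%s</a>' % (safe_href(url), html.escape(label))
```

The attribute case is worth noting: a URL ending in `" onmouseover="alert(1)` passes the scheme check, so the attribute-context escaping is what prevents it from breaking out of the href value.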
Insecure direct object reference
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory or database key (Sane, 2020). Without an access control check, an intruder can manipulate these references to access data they are not authorised to see.
Security Misconfiguration
Good security requires a secure configuration to be defined and deployed for the application, its frameworks, the application server, web server, database server and platform (Ben-Bassat & Rokah, 2020). Secure settings must be defined, implemented and maintained, because the defaults are often insecure. Software must also be kept up to date.
Missing function level access control
Most web applications verify function level access rights before making functionality visible in the user interface (Willberg, 2019). However, the application must perform the same access control checks on the server each time a function is invoked. If these requests are not verified, an attacker can forge requests to access functionality without proper authorisation.
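The following added example (not code from the report) serves both the insecure direct object reference passage above and this one: an object-level ownership check on an invoice looked up by its database id, and a deny-by-default role check on server-side functions. The users, invoices and permission table are constructed for the demonstration.

```python
from dataclasses import dataclass
from functools import wraps


class Forbidden(Exception):
    """Raised when a caller is not allowed to perform the requested action."""


@dataclass(frozen=True)
class User:
    username: str
    role: str  # e.g. "user", "auditor", "admin"


# Constructed sample data (not from the report): invoices keyed by database id,
# the kind of direct object reference that appears in URLs like /invoice/1001.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.0},
    1002: {"owner": "bob", "amount": 75.5},
}


def get_invoice_vulnerable(user: User, invoice_id: int) -> dict:
    # BAD: being logged in is treated as sufficient; any user can read any
    # invoice by changing the id in the request.
    return INVOICES[invoice_id]


def get_invoice(user: User, invoice_id: int) -> dict:
    # GOOD: object-level check on every access. Missing and not-owned ids get
    # the same answer so the attacker cannot enumerate which ids exist.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or (invoice["owner"] != user.username and user.role != "admin"):
        raise Forbidden(f"{user.username} may not read invoice {invoice_id}")
    return invoice


# Function-level access control: which roles may invoke which server-side
# function. Anything not listed is denied (deny by default).
PERMISSIONS = {
    "delete_user": {"admin"},
    "view_report": {"admin", "auditor"},
}


def requires_permission(function_name: str):
    def decorator(func):
        @wraps(func)
        def wrapper(user: User, *args, **kwargs):
            if user.role not in PERMISSIONS.get(function_name, set()):
                raise Forbidden(f"{user.role} may not call {function_name}")
            return func(user, *args, **kwargs)
        return wrapper
    return decorator


@requires_permission("delete_user")
def delete_user(actor: User, target: str) -> str:
    return f"{target} deleted by {actor.username}"


@requires_permission("view_report")
def view_report(actor: User) -> str:
    return f"report for {actor.username}"


@requires_permission("export_all_data")  # not in PERMISSIONS: nobody may call it
def export_all_data(actor: User) -> str:
    return "all data"


def is_denied(func, *args) -> bool:
    """Return True if func(*args) is refused with Forbidden (used in the demo)."""
    try:
        func(*args)
    except Forbidden:
        return True
    return False
```

The check lives in the server-side function, not in the code that decides which buttons to show, so hiding a link in the interface or typing another user's invoice id into the URL makes no difference to what the server will return.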
Cross Site Request Forgery
A CSRF attack forces a logged-in victim's browser to send a forged HTTP request to a vulnerable web application (Wibowo, 2019). The request automatically includes the victim's session cookie and any other automatically submitted authentication data. This lets the attacker make the victim's browser generate requests that the application treats as legitimate.
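Below is an added example (not code from the report) of the forged request described above and of a synchroniser token that defeats it. The bank origin, the attacker origin, the session table and the request dictionaries standing in for HTTP requests are all constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Assumed setup (not from the report): a server-side secret generated at
# startup, the site's own origin, and an in-memory map of session ids to users.
SECRET_KEY = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"
SESSIONS = {"s3ss10n-alice": "alice"}  # constructed sample session


def csrf_token(session_id: str) -> str:
    # Token bound to the session with an HMAC; the server stores nothing extra
    # and an attacker without SECRET_KEY cannot forge it for another session.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf(session_id: str, submitted) -> bool:
    if not isinstance(submitted, str):
        return False
    return hmac.compare_digest(csrf_token(session_id).encode(), submitted.encode())


def transfer_vulnerable(request: dict) -> str:
    # BAD: the only credential checked is the session cookie, which the
    # victim's browser attaches to a forged cross-site request automatically.
    user = SESSIONS.get(request["cookies"].get("session"))
    if user is None:
        return "rejected: not logged in"
    return f"ok: {user} sent {request['form']['amount']} to {request['form']['to']}"


def transfer_protected(request: dict) -> str:
    sid = request["cookies"].get("session")
    user = SESSIONS.get(sid)
    if user is None:
        return "rejected: not logged in"
    # Defence in depth: a browser-supplied Origin header that is not ours
    # means the form was posted from another site.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return "rejected: cross-site origin"
    # Synchroniser token: the attacker's page cannot read it, so it cannot
    # include it in the forged form.
    if not verify_csrf(sid, request["form"].get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return f"ok: {user} sent {request['form']['amount']} to {request['form']['to']}"


def legitimate_request() -> dict:
    # Constructed: what the bank's own transfer form posts.
    sid = "s3ss10n-alice"
    return {
        "cookies": {"session": sid},
        "headers": {"Origin": SITE_ORIGIN},
        "form": {"to": "bob", "amount": "50", "csrf_token": csrf_token(sid)},
    }


def forged_request() -> dict:
    # Constructed: a hidden auto-submitting form on attacker.example. The
    # browser adds Alice's cookie; the attacker cannot add her token.
    return {
        "cookies": {"session": "s3ss10n-alice"},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"to": "mallory", "amount": "5000"},
    }
```

The vulnerable handler accepts the forged transfer because the cookie alone authenticates it. The protected handler rejects it twice over: on the foreign Origin header, and, if that header is absent, on the missing token, which the attacker cannot obtain because it is only ever delivered inside pages served to Alice.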
Importance of OWASP Top 10
The OWASP Top 10 helps developers understand the various security threats that web applications face. It gives a broad view of the most critical web application security risks (Sane, 2020), prioritised according to the prevalence and severity of each risk.
It is very important for web application developers and cyber security professionals.
What the OWASP Top 10 means for web servers
- A web developer can use a source code analyser to check the application's security.
- They can deploy a web application firewall (WAF) to protect their websites (Mezei, Guimaraes & Chen, 2020).
- They can regularly assess the security features of the website and fix any security issues found.
- They should use the latest web server, OS, CMS and library versions.
How to perform the testing
Testing can be carried out with Burp Suite (Malik, 2020). With Burp, SQL injection can be used to bypass authentication on a vulnerable login page. Burp Intruder can brute-force the authentication of a web application. Burp Scanner can search for cross site scripting, including DOM-based XSS (Ben-Bassat & Rokah, 2020). Burp Intruder and Repeater can be used to check for insecure direct object reference vulnerabilities. Burp Spider can map the application so that security misconfiguration can be checked. With Burp's CSRF PoC generator, a tester can demonstrate how an attacker could hijack a user's account through a forged request (Ferrara et al., 2019). Burp's site map (for example its Compare Site Maps function) can be used to test for access control issues.
Conclusion
Web application security is now a crucial concern, and every company wants to protect its websites from data loss. The OWASP Top 10 lists the most critical security risks and provides detailed documentation on each. With it, web application developers can gain a broad knowledge of the security threats facing web applications. The Burp tool supports testing for the attacks listed in the OWASP Top 10. In summary, the OWASP Top 10 is very important for web application security.
References
Ben-Bassat, I., & Rokah, E. (2020). Locality-sensitive hashing for efficient web application security testing. arXiv preprint arXiv:2001.01128.
Ferrara, P., Mandal, A. K., Cortesi, A., & Spoto, F. (2019). Static analysis for the OWASP IoT Top 10 2018. Proceedings of SPIoT, 19.
Hosizah, F. T. (2020). Security system testing on electronic integrated antenatal care (e-iANC). International Journal of Electrical and Computer Engineering (IJECE), 10(1), 346-352.
Malik, S. (2020). User centric security models for improving the cyber security using from SQL injections and cross site scripting techniques.
Mezei, R. A., Guimaraes, M., & Chen, X. (2020, February). Introducing cybersecurity concepts in non-security courses through a POGIL activity: A pilot study. In Proceedings of the 51st ACM Technical Symposium on Computer Science Education (pp. 1290-1290).
Sane, P. (2020). Is the OWASP Top 10 list comprehensive enough for writing secure code? arXiv preprint arXiv:2002.11269.
Wibowo, H. S. (2019). Evaluasi celah keamanan pada website P3GL dengan penetration testing dan berdasarkan OWASP Top-10 2017 (studi kasus: Pusat Penelitian dan Pengembangan Geologi Kelautan) [Evaluation of security vulnerabilities in the P3GL website by penetration testing based on the OWASP Top 10 2017 (case study: Pusat Penelitian dan Pengembangan Geologi Kelautan)]. Doctoral dissertation, Fakultas Teknik Unpas.
Willberg, M. (2019). Web application security testing with OWASP Top 10 framework.