OWASP Top 10 web application security risks
OWASP is a non-profit organization that works to improve the security of software and the Internet. Here is their list of the ten most common web application vulnerabilities, published to raise web security awareness.
Broken Access Control
Access control failures typically lead to unauthorized information disclosure, modification, or destruction of data or performing a business function outside the user's limits.
Cryptographic Failures
Previously known as Sensitive Data Exposure, this category focuses on failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data.
Injection
Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection.
Insecure Design
A new category for 2021 that focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures.
Security Misconfiguration
Any component that is exposed to attack because it is insecurely configured falls under security misconfiguration.
Vulnerable and Outdated Components
A component with a known vulnerability could be an operating system, a CMS, a web server, an installed plugin, or even a library used by a plugin.
Identification and Authentication Failures
Previously known as Broken Authentication, this involves all kinds of flaws caused by errors in the implementation of authentication and/or session management.
Software and Data Integrity Failures
A new category for 2021 that focuses on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity.
Security Logging and Monitoring Failures
This category covers failures in the logging and monitoring needed to detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected.
Server-Side Request Forgery
SSRF flaws occur when a web application fetches a remote resource without validating the user-supplied URL.
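The validation step this category calls for, shown as an added example that is not code from the page or from Detectify: an allowlist check that a service runs on a user-supplied URL before fetching it server-side. The ALLOWED_HOSTS set, the sample addresses and the injectable resolver are assumptions made for the example.

```python
# Added example: allowlist-based validation of a URL before a server-side fetch.
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist: the only hosts this service is permitted to fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}


def default_resolver(host):
    """Resolve a hostname to every IP address it maps to (IPv4 and IPv6)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_ip(ip):
    """True only for globally routable unicast addresses (no loopback, RFC 1918, link-local...)."""
    addr = ipaddress.ip_address(ip)
    return addr.is_global and not addr.is_multicast


def validate_fetch_url(url, resolver=default_resolver):
    """Return a normalized URL that is safe to fetch, or raise ValueError.

    `resolver` is injectable so the check can be unit-tested without DNS.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        # "user@host" forms confuse naive host parsing; refuse them outright.
        raise ValueError("credentials in URL are not allowed")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not in allowlist: {host!r}")
    # An allowlisted name can still resolve to an internal address (DNS
    # misconfiguration or rebinding), so every resolved address must be public.
    addresses = resolver(host)
    if not addresses or not all(is_public_ip(ip) for ip in addresses):
        raise ValueError(f"{host} resolves to a non-public address: {addresses}")
    netloc = host if parts.port is None else f"{host}:{parts.port}"  # parts.port validates the port
    return urlunsplit((parts.scheme.lower(), netloc, parts.path or "/", parts.query, ""))


def is_safe_fetch_url(url, resolver=default_resolver):
    """Boolean convenience wrapper around validate_fetch_url."""
    try:
        validate_fetch_url(url, resolver=resolver)
        return True
    except ValueError:
        return False
```

The check must also hold for any redirect the fetch follows, so either disable redirects or re-validate each redirect target with the same function.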
GO HACK YOURSELF
Delivering complete attack surface coverage
Join 1000s of companies that continuously scan, detect, and remediate OWASP and other business-critical vulnerabilities with Detectify.
1,700+ global customers choose Detectify to cover their attack surface
Know which assets are the most vulnerable
Get an overall state of your organization's security and focus on your most important assets.
See how your attack surface has evolved
See what your organization exposes to the Internet and how assets are protected.
Quickly investigate exposures
Understand what needs fixing and give developers the correct information to resolve critical issues.
Verify that only approved tech is in use
Spot anomalies across your organization's attack surface that your team can follow up on.
Included in a 2-week free trial:
No card needed to get started.
Surface Monitoring
2 apex domains with continuous monitoring for the whole trial period.
Application Scanning
5 scan profiles (domains or subdomains), with unlimited scans per scan profile.
Continuous coverage 24/7
Discover and monitor your modern tech stack with daily insights about every exposed asset.
Unique crawling and fuzzing engine
An engine that goes beyond the capabilities of a “traditional” DAST scanner.
Accurate results that save time
99.7% accuracy in vulnerability assessments with 100% payload-based testing.
Ethical hacker expertise in 15 minutes
Research from Crowdsource, our community of 400+ ethical hackers, allows you to discover the latest undocumented security vulnerabilities.
Ted M
President
Small Business
“Detectify is a powerful tool that every business should have”
Detectify provides my customers with a point-in-time score about their current security vulnerabilities, their risk and a score. It has an easy-to-use interface, reporting that is interpretable by both the technical and non-technical alike, and best of all, it's affordable for what you get!