OWASP Top 10 web application security risks
OWASP is a non-profit organization that works to improve the security of software and the Internet. Here is its list of the ten most common web application vulnerabilities, published to increase web security awareness.
Broken Access Control
Access control failures typically lead to unauthorized information disclosure, modification, or destruction of data or performing a business function outside the user's limits.
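Access control has to be enforced on the server for every object a request touches, with the decision based on the logged-in user rather than on anything the client sends. The following is an added example (not code from the original page or from Detectify's product) of a deny-by-default, per-record authorization check; the users, roles and records are constructed for the demonstration.

```python
import logging
from dataclasses import dataclass, field

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("authz")


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


@dataclass
class Record:
    record_id: str
    owner: str
    body: str


# Constructed sample data for the demonstration (not real records).
RECORDS = {
    "r1": Record("r1", owner="alice", body="alice's notes"),
    "r2": Record("r2", owner="bob", body="bob's notes"),
}


def may_read(user: User, record: Record) -> bool:
    """Deny by default: only the owner or a user with the admin role may read."""
    return user.name == record.owner or "admin" in user.roles


def read_record(user: User, record_id: str) -> str:
    """Check authorization on every object access before returning data."""
    record = RECORDS.get(record_id)
    if record is None or not may_read(user, record):
        # Log the denied attempt (useful for monitoring), and return the same
        # answer for "missing" and "forbidden" so record IDs cannot be enumerated.
        log.warning("denied read user=%s record=%s", user.name, record_id)
        raise PermissionError("not found")
    return record.body


def try_read(user: User, record_id: str):
    """Convenience wrapper: the record body on success, None when access is denied."""
    try:
        return read_record(user, record_id)
    except PermissionError:
        return None


if __name__ == "__main__":
    print(try_read(User("alice"), "r1"))             # owner: allowed
    print(try_read(User("bob"), "r1"))               # other user: denied
    print(try_read(User("carol", {"admin"}), "r2"))  # admin: allowed
```

The check lives next to the data access, not in the web layer, so every code path that reaches a record passes through it; the warning log line is what a monitoring rule would key on to spot repeated denied lookups.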
Cryptographic Failures
Previously known as Sensitive Data Exposure, this category focuses on failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data.
Injection
Some of the more common injections are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP, and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection.
Insecure Design
A new category for 2021 that focuses on risks related to design and architectural flaws, with a call for more use of threat modeling, secure design patterns, and reference architectures.
Security Misconfiguration
A component that is open to attack because of an insecure configuration falls under security misconfiguration.
Vulnerable and Outdated Components
A component with a known vulnerability could be an operating system, a CMS, a web server, an installed plugin, or even a library used by a plugin.
Identification and Authentication Failures
Previously known as Broken Authentication, this involves all kinds of flaws caused by errors in the implementation of authentication and/or session management.
Software and Data Integrity Failures
A new category for 2021 that focuses on code and infrastructure that trusts software updates, critical data, or CI/CD pipelines without verifying their integrity.
Security Logging and Monitoring Failures
This category covers the logging and monitoring needed to detect, escalate, and respond to active breaches. Without logging and monitoring, breaches cannot be detected.
Server-Side Request Forgery
SSRF flaws occur when a web application fetches a remote resource without validating the user-supplied URL.
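Validating a user-supplied URL before fetching it means more than checking the scheme: the host should be on an allowlist and the address it resolves to should be a public one, so the request cannot be pointed at internal services or cloud metadata endpoints. The following is an added example (not code from the original page or from Detectify) of such a check; the allowlist host and the fake resolver results are constructed for the demonstration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumed allowlist of hosts the application is permitted to fetch from.
ALLOWED_HOSTS = {"api.example.com"}


def default_resolve(host: str) -> set:
    """Resolve a hostname to the set of IP address strings it maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def validate_outbound_url(url: str, allowed_hosts=ALLOWED_HOSTS, resolve=default_resolve):
    """Return (ok, reason); ok is True only when every check passes.

    `resolve` is injectable so the check can be exercised offline."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:          # urlsplit already lowercases the host
        return False, "host not on allowlist"
    try:
        addrs = resolve(host)
    except OSError:
        return False, "name resolution failed"
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        # Reject loopback, private, link-local, reserved and multicast ranges;
        # an allowlisted name can still resolve to an internal address.
        if not ip.is_global or ip.is_multicast:
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed resolver results stand in for DNS so this runs offline.
    public = lambda h: {"93.184.216.34"}
    metadata = lambda h: {"169.254.169.254"}
    print(validate_outbound_url("https://api.example.com/v1/items", resolve=public))
    print(validate_outbound_url("https://api.example.com/v1/items", resolve=metadata))
    print(validate_outbound_url("https://intranet.example.com/", resolve=public))
    print(validate_outbound_url("file:///etc/passwd"))
```

One caveat for production use: the address that passed the check should be the one actually connected to (resolve once, then connect to that IP with the original hostname for TLS), otherwise a second DNS lookup inside the HTTP client can return a different answer. Redirects need the same validation on every hop.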
GO HACK YOURSELF
Upgrade your web application security today
Join 1000s of companies that continuously scan, detect, and remediate OWASP and other business-critical vulnerabilities with Detectify.
Find, fix, and prevent critical security vulnerabilities
Scan what you want, when you want
Once you’ve added and verified ownership of your domains, our scanner allows for flexible asset scanning and customizable scan frequency.
Integrate directly into your workflow
Get critical vulnerability information out faster by sending findings, with their severities, wherever you want them. Set up Slack, Jira, Splunk, PagerDuty, Trello, OpsGenie, or Webhook integrations.
Fix findings with expert remediation tips
Receive a complete overview of all vulnerabilities, regardless of their root asset. Filter and tag findings to better prioritize vulnerabilities and follow expert remediation tips to fix them.
Powered by elite ethical hackers
We update our scanner with new security tests every week by utilizing the knowledge of 200+ top ranked ethical hackers.
Make the most of the following during your free trial
Scan as often as you like during your trial. No card required!
2000+ security tests
With further tests added weekly by Crowdsource, our ethical hacker community.
OWASP Top 10 view and beyond
Check your site's OWASP Top 10 score and test for less common, critical, and undocumented vulnerabilities.
2FA
Two-factor authentication for all users in your team.
API integration
Start, stop and check the status of scans.
Up to 10 team members
Share scan profiles within your team with controlled user permissions.
Export reports
Export the results from your latest scan (PDF, XML, JSON, plus more).
Customer support
We'll answer your questions and help you make web security as accessible and actionable as possible.
Log4j scanning
We're extensively scanning and continuously monitoring for various Log4j vulnerabilities.
Ted M
President
Small Business
“Detectify is a powerful tool that every business should have”
Detectify provides my customers with a point-in-time score about their current security vulnerabilities, their risk and a score. It has an easy-to-use interface, reporting that is interpretable by both the technical and non-technical alike, and best of all - it's affordable for what you get!