
Top 10 Most Critical Web Application Security Flaws


The following list of the ten most critical web application vulnerabilities was drawn up in 2004 by the Open Web Application Security Project (OWASP).





The ten flaws in the OWASP list are:

1.  Non-validated input.

Attackers could use non-validated data to reach backend components.

2.  Broken access control.

Improper enforcement of restrictions on authenticated users could let attackers access other users' accounts or use unauthorized functions.

3.  Broken authentication and session management.

Account credentials and session tokens are not properly protected, allowing attackers to compromise passwords, keys, session cookies or tokens, and assume the identities of other users.

4.  Cross-site scripting.

This allows the web application to be used to transport an attack to the end user's browser, leading to disclosure of the end user's session token, or to spoofed content that fools the user.

5.  Buffer overflows.

Web application components written in languages that do not properly validate input can crash and, in some cases, be used to take control of a process.

6.  Injection flaws.

Web applications pass parameters when they access external systems or the local OS. If malicious commands are embedded in the parameters, the external system may execute those commands on behalf of the Web application.

7.  Improper error handling.

This can lead to attackers gaining detailed system information or causing denial of service.

8.  Insecure storage.

Web applications that use cryptographic functions to protect information and credentials have proven difficult to code properly, resulting in weak protection.

9.  Denial of service.

Attackers use up web application resources to the point where other legitimate users can no longer access or use the application. Attackers can also block user accounts or cause application failures.

10.  Insecure configuration management.

Having a strong configuration standard is critical.
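Flaws 1 and 6 above are easiest to see side by side. The following is an added example, not code from this page or from OWASP: a constructed SQLite table, a lookup that pastes the request parameter into the query text, the parameterized form that fixes it, and an allow-list check that rejects the parameter before it reaches the database. All function names and the sample data are assumptions.

```python
import re
import sqlite3

# Constructed sample data for this demonstration (not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_vulnerable(conn, name):
    """Flaw 6 (injection): the request parameter is pasted into the SQL
    text, so quote characters inside it rewrite the statement the
    database executes on the application's behalf."""
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    """Hardened form: the value travels separately from the statement,
    so it is only ever compared against the column, never parsed."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

# Flaw 1 (non-validated input): an allow-list of what a username may
# look like, applied before the value reaches any backend component.
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")

def is_valid_username(name):
    return USERNAME_RE.fullmatch(name) is not None

def lookup_validated(conn, name):
    if not is_valid_username(name):
        raise ValueError("rejected username: %r" % name)
    return lookup_parameterized(conn, name)

if __name__ == "__main__":
    db = make_db()
    probe = "' OR '1'='1"   # constructed malformed parameter
    print(lookup_vulnerable(db, probe))      # every row: ['alice', 'bob']
    print(lookup_parameterized(db, probe))   # no rows: []
    print(is_valid_username(probe))          # False
```

The same malformed parameter that returns every row from the string-built query matches nothing once the value is bound as a parameter, and the allow-list rejects it before any query runs.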


Copyright Sentry Digital Information Systems