OWASP Top 10 Web Security Vulnerabilities


22nd October 2021, Kathmandu

The line graph above presents the OWASP Top 10 Security Vulnerabilities from the year 2004 to 2021.

The OWASP Top 10 Security Risks and Vulnerabilities report helps organizations and web application developers identify the vulnerabilities most frequently exploited by attackers, and provides recommendations for preventing these attacks.

In the year 2004, input validation was the most critical security vulnerability followed by broken access control and broken authentication.

Input validation vulnerability occurs when data and information from web requests are not validated prior to being used by a web application.

Broken access control is a security vulnerability where the restrictions on what authorized users are allowed to do are not properly defined.

A broken authentication vulnerability is when the necessary credentials and session tokens of users are not secured properly.

Cross-Site Scripting (XSS), Buffer Overflow, Injection, and Cryptographic failures are other web and security vulnerabilities that were included in the OWASP Top 10 list in 2004. Cross-site scripting, injection flaws, and insecure direct object reference were the top three most critical security vulnerabilities of the year 2007.

XSS is a security vulnerability that occurs when an application system delivers user-supplied data to a web browser without verifying or encoding the data beforehand.

Injection flaws are another common web application vulnerability where untrusted user input is passed to an interpreter as part of a query or command.

When a developer exposes a reference to an internal implementation object, such as a file, database record, or directory, in the form of a URL or form parameter, it is known as an insecure direct object reference.

Hackers can potentially gain unauthorized access to other objects by manipulating those references.
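The XSS and injection definitions above share one root cause: untrusted data is handed to an interpreter (a SQL engine, a browser) as if it were part of the syntax. The following added example, not taken from the article, shows a vulnerable and a hardened version of each using Python's standard library; the notes table and inputs are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the article).
NOTES = [("alice", "alice's private note"), ("bob", "bob's private note")]


def setup_db():
    """In-memory SQLite database holding one private note per owner."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    conn.executemany("INSERT INTO notes VALUES (?, ?)", NOTES)
    return conn


def notes_for_vulnerable(conn, owner):
    """Injection flaw: the owner value is spliced into the SQL text, so a
    value containing quotes changes the query's logic and leaks every row."""
    sql = f"SELECT body FROM notes WHERE owner = '{owner}'"
    return sorted(row[0] for row in conn.execute(sql))


def notes_for_safe(conn, owner):
    """Parameterised query: the owner value is bound as data, so the SQL
    engine never reinterprets it as part of the query syntax."""
    sql = "SELECT body FROM notes WHERE owner = ?"
    return sorted(row[0] for row in conn.execute(sql, (owner,)))


def greeting_vulnerable(display_name):
    """Reflected XSS: user-supplied text reaches the browser unencoded."""
    return f"<p>Welcome, {display_name}</p>"


def greeting_safe(display_name):
    """Output encoding: HTML metacharacters become entities, so the browser
    renders the name as text rather than as markup."""
    return f"<p>Welcome, {html.escape(display_name, quote=True)}</p>"


if __name__ == "__main__":
    conn = setup_db()
    tampered = "x' OR '1'='1"  # constructed input that closes the quote
    print("vulnerable:", notes_for_vulnerable(conn, tampered))  # both notes
    print("safe:      ", notes_for_safe(conn, tampered))        # nothing
    print(greeting_vulnerable("<script>alert(1)</script>"))
    print(greeting_safe("<script>alert(1)</script>"))
```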

CSRF, misconfiguration, broken access control, broken authentication, and cryptographic failures are other security vulnerabilities that fall under the OWASP Top 10 list of 2007.

In both the years 2010 and 2013, injection flaws were the most common security vulnerability along with broken access control, broken authentication, XSS, and insecure direct object reference.

The other web application and security vulnerabilities included in the OWASP Top 10 of 2010 and 2013 were security misconfiguration, cryptographic failures, CSRF, and unvalidated redirects.

Injection flaws were again the most critical and common security vulnerability of the year 2017 followed by broken authentication and cryptographic failures.

Broken access control, security misconfiguration, using components with known vulnerabilities, and insufficient logging were other common web application vulnerabilities that made it into the OWASP Top 10 Security Vulnerabilities of 2017.

According to the OWASP Top 10 Security Vulnerabilities of the year 2021, broken access control is the top and most common security vulnerability, followed by cryptographic failures and injection flaws.

Cryptographic failures, previously known as sensitive data exposure, are a vulnerability related to the failure of cryptographic algorithms that could potentially lead to unwanted exposure of sensitive information.

Along with these, insecure design and security misconfiguration take fourth and fifth place in the list.

Insecure design mainly focuses on risks and threats regarding design flaws. Security misconfiguration includes wrongly configuring permissions on cloud services, installing or enabling unnecessary features, and so on.

Using components with known vulnerabilities, broken authentication, software and data integrity failures, insufficient logging, and server-side request forgery (SSRF) take sixth, seventh, eighth, ninth, and tenth position respectively in the OWASP Top 10 Security Vulnerabilities of 2021.
