Question
Look at the OWASP Top 10 for the years 2017 and 2013, showing the list of top 10 vulnerabilities in web applications.
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2013
In your own words (NOT copy and pasting plagiarism),
Assuming OWASP would do their next survey in 2018, you need to
1) briefly discuss what would be the top three vulnerabilities in a web application based on the results from 2017 and 2013. Explain why you think that way with the source of your information.
Thank You!
Requirements for the person that will be answering the above question.
* Type out responses in Your Own Words!
* Do not write on paper and send a photo.
* NO plagiarism/ NO copy and pasting from outside sources without properly citing your sources.
** FAILURE to adhere to the stated requirements will result in thumbs down and will be reported to Chegg administration. **
Explanation / Answer
The vulnerabilities in any web application arise due to the use of small system defects or unchecked data and other control problems that arise due to the factor of negligence. According to the list presented by OWASP, the vulnerabilities have become more sophisticated with their use in the systems from the year 2013 to 2017. But even then, there are a certain number of vulnerabilities that remain unchanged in both lists and will probably remain in the next list as well. The vulnerabilities that I have selected are:
1. INJECTION
The problem with analyzing and maintaining data has inherent risks associated with it, especially when we take into account injection techniques based on the vulnerabilities in SQL and LDAP based injections. It should be noted that the attacker can trick the interpreter to execute unwanted commands which can make the system vulnerable to attacks and therefore, leave the system open to threats and this problem has continually been a problem for web-based applications.
2. SECURITY MISCONFIGURATION
The default configurations that a system comes with are sometimes flawed. This gives the attacker a good amount of chances to brute force their way into the application system and manipulate it for their use. Unless the system is patched regularly for known defects, threats and change in the sophistication of the attacks, the system will remain a target for attacks which make use of insecure configurations, misconfigured headers etc. causing the system to lose access to the attackers.
3. USING COMPONENTS WITH KNOWN VULNERABILITIES
Using any third-party library for better functioning has its benefits as well as its risks. Not only does it make use of system-level access but, if the framework is compromised, so would the system be. Therefore, since some APIs have a known amount of associated risks, working around that problem will most probably result in a more secure system, rather than implementing it straight on, causing the system to be compromised.
These are some of the most common vulnerabilities and since they are an important factor in the creation and maintenance of the framework, it will most probably result in the system being vulnerable to attacks which could be caused by any amount of negligence, no matter how small. Brute force attacks from the attacker can find even the smallest vulnerabilities in the system and exploit them for their own use. These will most likely be continued in the list as far as the implementation goes because their use is necessary for the creation of the system. Making it secure should be the main goal.
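The SQL and LDAP injection named in item 1, shown as an added example that is not part of the original answer: each lookup is written once with the input concatenated into the query text and once with the input kept as data. The table, function names and sample inputs are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and function names are hypothetical.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, name):
    # Weak form: the input becomes part of the SQL text, so the
    # interpreter parses any SQL syntax inside it as code.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, name):
    # Hardened form: the input is bound as a value and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

# RFC 4515 escapes for characters that have meaning inside an LDAP filter.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    return "".join(_LDAP_ESCAPES.get(ch, ch) for ch in value)

def ldap_filter_concat(uid):
    # Weak form: a wildcard or parenthesis in uid changes the filter's logic.
    return "(&(objectClass=person)(uid=" + uid + "))"

def ldap_filter_escaped(uid):
    # Hardened form: special characters are escaped and match literally.
    return "(&(objectClass=person)(uid=" + ldap_escape(uid) + "))"

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    print("concatenated:", lookup_concat(db, crafted))
    print("bound:       ", lookup_bound(db, crafted))
    print("concatenated:", ldap_filter_concat("*"))
    print("escaped:     ", ldap_filter_escaped("*"))
```
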