{"id":1,"date":"2023-05-26T05:44:07","date_gmt":"2023-05-26T05:44:07","guid":{"rendered":"http:\/\/box2537\/cgi\/addon_GT.cgi?s=GT::WP::Install::EIG+%28izgtndmy%29+-+127.0.0.1+%5Bnocaller%5D\/?p=1"},"modified":"2023-06-23T18:19:14","modified_gmt":"2023-06-23T18:19:14","slug":"owasp-10-vulnerabilities-its-mitigation","status":"publish","type":"post","link":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/","title":{"rendered":"OWASP TOP 10 vulnerabilities &#038; its mitigation ."},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"1\" class=\"elementor elementor-1\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-99d2be3 elementor-section-boxed elementor-section-height-default elementor-section-height-default wpr-particle-no wpr-jarallax-no wpr-parallax-no wpr-sticky-section-no wpr-equal-height-no\" data-id=\"99d2be3\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7e692223\" data-id=\"7e692223\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-3f14589e blog_detail_content elementor-widget elementor-widget-text-editor\" data-id=\"3f14589e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t\t\t\t\t\t\n<p class=\"reader-text-block__paragraph\">OWASP (the Open Web Application Security Project) is the community dedicated to web application security. 
It periodically publishes a list of the Top 10 security vulnerabilities most commonly found in web applications.<\/p>\n<p class=\"reader-text-block__paragraph\">In this article we walk through the ten categories of the OWASP Top 10 2021 and the mitigation plan for each.<\/p>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A01_2021-Broken_Access_Control\/\">A01:2021-Broken Access Control<\/a>\u00a0This is the NUMBER ONE vulnerability and is found very often in web applications. The CORE idea of this category is &#8216;only those who should have access to a particular resource must be able to access it&#8217;. Any deviation falls into this category; in other words, an unauthorized person or role must not be able to reach a resource (for example, an unauthorized role or person opening the same URL and getting the resource).<\/li>\n<\/ul>\n<p class=\"reader-text-block__paragraph\">AFFECTED APPLICATIONS PERCENTAGE # 94 %<\/p>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A02_2021-Cryptographic_Failures\/\">A02:2021-Cryptographic Failures<\/a>\u00a0This is the NUMBER TWO vulnerability found in web applications. It covers Sensitive Data Exposure, which points to a lack of proper security protocols and puts the application at risk. The risk is mitigated by ensuring encryption-based data security both at rest and in transit.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A03_2021-Injection\/\">A03:2021-Injection<\/a>\u00a0This is the NUMBER THREE vulnerability in web applications. It occurs when data accepted as INPUT is unexpectedly processed as INSTRUCTIONS. A prime example is CROSS-SITE SCRIPTING. Mitigation lies in neutralising the incoming data so that it does not get processed as instructions. 
Filtering and encoding the incoming data is an effective measure.<\/li>\n<\/ul>\n<p class=\"reader-text-block__paragraph\">AFFECTED APPLICATIONS PERCENTAGE # 94 %<\/p>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A04_2021-Insecure_Design\/\">A04:2021-Insecure Design<\/a>\u00a0This is a new category introduced in the OWASP Top 10 2021 at NUMBER FOUR. It stresses the design-phase considerations that make an application secure, for example:<\/li>\n<li>a) Having a strong password policy<\/li>\n<li>b) Proper API gateways and firewalls with a considerable amount of security.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A05_2021-Security_Misconfiguration\/\">A05:2021-Security Misconfiguration<\/a>\u00a0This is the NUMBER FIVE vulnerability in web-based applications. It primarily points to misconfigurations made during installation. Default configurations are one good subcategory of this vulnerability type, for example using the default passwords of a common portal product on the market. Surprisingly, the OWASP Foundation indicates that 90 percent of the applications were tested for some form of misconfiguration.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A06_2021-Vulnerable_and_Outdated_Components\/\">A06:2021-Vulnerable and Outdated Components<\/a>\u00a0This is the NUMBER SIX vulnerability. Loopholes in installed software quite often pose the risk of attackers getting into your system and causing serious damage. That is why software product companies keep testing their products against the latest vulnerabilities and keep releasing security patches. The practice of installing the latest software and security patches should be followed religiously. 
Leaders should ensure that process and people challenges do not leave room for this vulnerability.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A07_2021-Identification_and_Authentication_Failures\/\">A07:2021-Identification and Authentication Failures<\/a>\u00a0This vulnerability points to failures in how the application identifies and authenticates its users. The category is still an integral part of the Top 10, but the increased availability of authentication in standardized frameworks seems to be helping.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A08_2021-Software_and_Data_Integrity_Failures\/\">A08:2021-Software and Data Integrity Failures<\/a>\u00a0This category is newly introduced in 2021. It points to a frequent problem in today&#8217;s iterative software development. No doubt the iterative model has empowered projects to deliver fast, but in the hurry to deliver, new security issues being introduced is also a major problem. Steps like security testing after every iteration can mitigate this vulnerability.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A09_2021-Security_Logging_and_Monitoring_Failures\/\">A09:2021-Security Logging and Monitoring Failures<\/a>\u00a0Being unable to keep watch on WHO logged into our system, WHEN and from WHERE leads to this vulnerability. Mitigation can be broadly categorised as follows:<\/li>\n<li>a) MONITORING software installations to audit who accessed the system, when, from where, what resources were accessed and what actions were performed.<\/li>\n<li>b) ALERTING when an unexpected event happens, like a login from a new location or at odd hours.<\/li>\n<\/ul>\n<ul>\n<li><a href=\"https:\/\/owasp.org\/Top10\/A10_2021-Server-Side_Request_Forgery_%28SSRF%29\/\">A10:2021-Server-Side Request Forgery<\/a>\u00a0This category points to vulnerabilities like crafted requests with malicious intent. 
Mitigation lies in having an allowed set of IPs and a denied set of IPs for access to the systems.<\/li>\n<\/ul>\n<p class=\"reader-text-block__paragraph\">References: OWASP Top 10 Resources.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>OWASP (also called Open Web Application Security Project) is the community in the area of web application security . 
References :- OWASP Top 10 Resources .<\/p>\n","protected":false},"author":1,"featured_media":1987,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"fifu_image_url":"","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[19],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-blog"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>OWASP TOP 10 vulnerabilities &amp; its mitigation . 
-<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"OWASP TOP 10 vulnerabilities &amp; its mitigation . -\" \/>\n<meta property=\"og:description\" content=\"OWASP (also called Open Web Application Security Project) is the community in the area of web application security . Frequently it releases a list of Top 10 Security vulnerabilities which is most commonly found in web applications all around. In this article We are going to talk about the top 10 vulnerabilities which OWASP TOP 10 2021 talks about and the mitigation plan for the same . A01:2021-Broken Access Control\u00a0 This is the NUMBER ONE vulnerability that is found quite often in web applications. The CORE idea of\u00a0this vulnerability\u00a0is &#8216;One who should have access must be the only one who must be able to access a particular resource&#8217;. Any deviation falls into this\u00a0category, in other words, an unauthorized person, or role should not be able to access a particular resource. (for example by using the same URL unauthorized\u00a0role\/person is able to access a resource ) AFFECTED APPLICATIONS PERCENTAGE # 94 % A02:2021-Cryptographic Failures\u00a0This is NUMBER TWO vulnerability found in web applications . This talks about Sensitive Data Exposure, which points to the of lack of proper Security\u00a0protocols in place and could lead to application at risk. This risk could be mitigated with ensuring encryption based data\u00a0security\u00a0at\u00a0rest and in transit . A03:2021-Injection\u00a0This is a NUMBER THREE\u00a0vulnerability in web applications . 
References :- OWASP Top 10 Resources .\" \/>\n<meta property=\"og:url\" content=\"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-05-26T05:44:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-23T18:19:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"940\" \/>\n\t<meta property=\"og:image:height\" content=\"627\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"YoungIT\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"YoungIT\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/\"},\"author\":{\"name\":\"YoungIT\",\"@id\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/#\\\/schema\\\/person\\\/b46ed295bea3af3f3a4c263e64c82686\"},\"headline\":\"OWASP TOP 10 vulnerabilities &#038; its mitigation 
.\",\"datePublished\":\"2023-05-26T05:44:07+00:00\",\"dateModified\":\"2023-06-23T18:19:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/\"},\"wordCount\":673,\"commentCount\":1,\"image\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/youngitconsulting.de\\\/staging\\\/2187\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/choose-us.jpg?fit=940%2C627&ssl=1\",\"keywords\":[\"Blog\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/\",\"url\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/\",\"name\":\"OWASP TOP 10 vulnerabilities & its mitigation . 
-\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/youngitconsulting.de\\\/staging\\\/2187\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/choose-us.jpg?fit=940%2C627&ssl=1\",\"datePublished\":\"2023-05-26T05:44:07+00:00\",\"dateModified\":\"2023-06-23T18:19:14+00:00\",\"author\":{\"@id\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/#\\\/schema\\\/person\\\/b46ed295bea3af3f3a4c263e64c82686\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/youngitconsulting.de\\\/staging\\\/2187\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/choose-us.jpg?fit=940%2C627&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/youngitconsulting.de\\\/staging\\\/2187\\\/wp-content\\\/uploads\\\/2023\\\/06\\\/choose-us.jpg?fit=940%2C627&ssl=1\",\"width\":940,\"height\":627},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/owasp-10-vulnerabilities-its-mitigation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"OWASP TOP 10 vulnerabilities &#038; its 
mitigation .\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/#website\",\"url\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/\",\"name\":\"\",\"description\":\"IT Consulting , Liferay DXP , Salesforce , Java Consulting\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\\\/\\\/izg.tnd.mybluehost.me\\\/#\\\/schema\\\/person\\\/b46ed295bea3af3f3a4c263e64c82686\",\"name\":\"YoungIT\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g\",\"caption\":\"YoungIT\"},\"sameAs\":[\"http:\\\/\\\/box2537\\\/cgi\\\/addon_GT.cgi?s=GT::WP::Install::EIG+%28izgtndmy%29+-+127.0.0.1+%5Bnocaller%5D\"],\"url\":\"https:\\\/\\\/youngitconsulting.de\\\/staging\\\/2187\\\/author\\\/izgtndmy\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"OWASP TOP 10 vulnerabilities & its mitigation . -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/","og_locale":"en_US","og_type":"article","og_title":"OWASP TOP 10 vulnerabilities & its mitigation . 
-","og_description":"OWASP (also called Open Web Application Security Project) is the community in the area of web application security . Frequently it releases a list of Top 10 Security vulnerabilities which is most commonly found in web applications all around. In this article We are going to talk about the top 10 vulnerabilities which OWASP TOP 10 2021 talks about and the mitigation plan for the same . A01:2021-Broken Access Control\u00a0 This is the NUMBER ONE vulnerability that is found quite often in web applications. The CORE idea of\u00a0this vulnerability\u00a0is &#8216;One who should have access must be the only one who must be able to access a particular resource&#8217;. Any deviation falls into this\u00a0category, in other words, an unauthorized person, or role should not be able to access a particular resource. (for example by using the same URL unauthorized\u00a0role\/person is able to access a resource ) AFFECTED APPLICATIONS PERCENTAGE # 94 % A02:2021-Cryptographic Failures\u00a0This is NUMBER TWO vulnerability found in web applications . This talks about Sensitive Data Exposure, which points to the of lack of proper Security\u00a0protocols in place and could lead to application at risk. This risk could be mitigated with ensuring encryption based data\u00a0security\u00a0at\u00a0rest and in transit . A03:2021-Injection\u00a0This is a NUMBER THREE\u00a0vulnerability in web applications . This behaviour occurs when data accepted\u00a0as INPUT is unexpectedly processed as INSTRUCTIONS .Prime examples are CROSS-SITE SCRIPTING\u00a0.Mitigation of this kind of vulnerability lies in neutralising the Incoming data so that it\u00a0doesnt\u00a0get processed . Filter and Encoding the Incoming data is an effective measure . AFFECTED APPLICATIONS PERCENTAGE # 94 % A04:2021-Insecure Design\u00a0This is a\u00a0new category introduced in the OWASP 2021 at NUMBER FOUR vulnerability . 
No doubt the Iterative model has empowered the projects to deliver\u00a0fast but at the same time in the hurry of delivering new security issues getting introduced is also a major problem . So steps like security testing after every iteration can mitigate this vulnerability . A09:2021-Security Logging and Monitoring Failures\u00a0Unable to keep a watch on WHO , WHEN and from WHERE logged into our system can lead to this vulnerability . Mitigation could be broadly categorised\u00a0as follows a) MONITORING software installations for Audit who accessed, when assessed, from where and what resources were accessed . Also what actions were performed .\u00a0 b) ALERTING when unexpected event happens .Like\u00a0logged in from new location , odd hours A10:2021-Server-Side Request Forgery\u00a0This category points at vulnerability like Crafted requests with malicious intentions . Mitigation falls in having things like Allowed set of IPs \/ Not Allowed set of IPs to access the systems . References :- OWASP Top 10 Resources .","og_url":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/","article_published_time":"2023-05-26T05:44:07+00:00","article_modified_time":"2023-06-23T18:19:14+00:00","og_image":[{"width":940,"height":627,"url":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg","type":"image\/jpeg"}],"author":"YoungIT","twitter_card":"summary_large_image","twitter_misc":{"Written by":"YoungIT","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#article","isPartOf":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/"},"author":{"name":"YoungIT","@id":"http:\/\/izg.tnd.mybluehost.me\/#\/schema\/person\/b46ed295bea3af3f3a4c263e64c82686"},"headline":"OWASP TOP 10 vulnerabilities &#038; its mitigation .","datePublished":"2023-05-26T05:44:07+00:00","dateModified":"2023-06-23T18:19:14+00:00","mainEntityOfPage":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/"},"wordCount":673,"commentCount":1,"image":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg?fit=940%2C627&ssl=1","keywords":["Blog"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/","url":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/","name":"OWASP TOP 10 vulnerabilities & its mitigation . 
-","isPartOf":{"@id":"http:\/\/izg.tnd.mybluehost.me\/#website"},"primaryImageOfPage":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#primaryimage"},"image":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg?fit=940%2C627&ssl=1","datePublished":"2023-05-26T05:44:07+00:00","dateModified":"2023-06-23T18:19:14+00:00","author":{"@id":"http:\/\/izg.tnd.mybluehost.me\/#\/schema\/person\/b46ed295bea3af3f3a4c263e64c82686"},"breadcrumb":{"@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#primaryimage","url":"https:\/\/i0.wp.com\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg?fit=940%2C627&ssl=1","contentUrl":"https:\/\/i0.wp.com\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg?fit=940%2C627&ssl=1","width":940,"height":627},{"@type":"BreadcrumbList","@id":"https:\/\/youngitconsulting.de\/staging\/2187\/owasp-10-vulnerabilities-its-mitigation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/youngitconsulting.de\/staging\/2187\/"},{"@type":"ListItem","position":2,"name":"OWASP TOP 10 vulnerabilities &#038; its mitigation ."}]},{"@type":"WebSite","@id":"http:\/\/izg.tnd.mybluehost.me\/#website","url":"http:\/\/izg.tnd.mybluehost.me\/","name":"","description":"IT Consulting , Liferay DXP , Salesforce , Java 
Consulting","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/izg.tnd.mybluehost.me\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/izg.tnd.mybluehost.me\/#\/schema\/person\/b46ed295bea3af3f3a4c263e64c82686","name":"YoungIT","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/45f6160db01519229a2463b514b42085e51d1816913b18ffa5181a439cc7999c?s=96&d=mm&r=g","caption":"YoungIT"},"sameAs":["http:\/\/box2537\/cgi\/addon_GT.cgi?s=GT::WP::Install::EIG+%28izgtndmy%29+-+127.0.0.1+%5Bnocaller%5D"],"url":"https:\/\/youngitconsulting.de\/staging\/2187\/author\/izgtndmy\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/youngitconsulting.de\/staging\/2187\/wp-content\/uploads\/2023\/06\/choose-us.jpg?fit=940%2C627&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":5,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":4604,"href":"https:\/\/youngitco
nsulting.de\/staging\/2187\/wp-json\/wp\/v2\/posts\/1\/revisions\/4604"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/media\/1987"}],"wp:attachment":[{"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/youngitconsulting.de\/staging\/2187\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
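The A09 monitoring and alerting points above (who, when, from where, and alerts on new locations, odd hours and failed-login bursts) as a worked example. This is added example code, not code from the original post: the audit line format, the user names, the KNOWN_NETWORKS baseline, the business-hours window and the FAIL_THRESHOLD value are all assumptions made for the example, and the sample log lines are constructed.

```python
"""Audit-log review for the A09 controls above (added example; not code from the
original post). Audit lines are constructed for this example and have the shape
    <ISO-8601 timestamp> user=<name> src=<ip> result=<success|failure>
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime

# Assumption for this example: records are in UTC and normal hours are 07:00-19:59 UTC.
BUSINESS_HOURS = range(7, 20)
# Assumption: this many consecutive failures before a success is worth an alert.
FAIL_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    user: str
    src: ipaddress.IPv4Address | ipaddress.IPv6Address
    success: bool


@dataclass(frozen=True)
class Alert:
    rule: str     # "odd_hours", "failure_burst" or "new_location"
    user: str
    when: str     # ISO-8601 timestamp of the event that triggered the rule
    detail: str


def parse_line(line: str) -> LoginEvent:
    """Parse one audit line; anything not matching the expected shape is rejected."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unparseable audit line: {line!r}")
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return LoginEvent(ts, m["user"], ipaddress.ip_address(m["src"]), m["result"] == "success")


def review_audit_log(lines, known_networks):
    """Apply the WHO / WHEN / WHERE checks and return the alerts in event order.

    known_networks maps a user name to the networks that user is known to log in
    from (a baseline an analyst has already confirmed); it is not updated here,
    so a new location keeps alerting until someone confirms it.
    """
    alerts = []
    consecutive_failures = {}   # user -> failures since the last success
    for raw in lines:
        if not raw.strip():
            continue
        ev = parse_line(raw)
        when = ev.ts.isoformat()
        if not ev.success:
            consecutive_failures[ev.user] = consecutive_failures.get(ev.user, 0) + 1
            continue
        # A success right after a burst of failures looks like password guessing that worked.
        failures = consecutive_failures.pop(ev.user, 0)
        if failures >= FAIL_THRESHOLD:
            alerts.append(Alert("failure_burst", ev.user, when, f"{failures} failures before success"))
        # WHEN: a successful login outside the expected hours.
        if ev.ts.hour not in BUSINESS_HOURS:
            alerts.append(Alert("odd_hours", ev.user, when, f"login at {ev.ts:%H:%M} UTC"))
        # WHERE: a successful login from a network this user has never used before.
        if not any(ev.src in net for net in known_networks.get(ev.user, ())):
            alerts.append(Alert("new_location", ev.user, when, f"first login from {ev.src}"))
    return alerts


# Constructed baseline and audit lines for the example (documentation address ranges).
KNOWN_NETWORKS = {
    "alice": {ipaddress.ip_network("203.0.113.0/24")},
    "bob": {ipaddress.ip_network("198.51.100.0/24")},
}
SAMPLE_LOG = """\
2023-06-01T09:15:02Z user=alice src=203.0.113.20 result=success
2023-06-01T23:40:11Z user=alice src=203.0.113.20 result=success
2023-06-02T10:02:45Z user=bob src=198.51.100.7 result=failure
2023-06-02T10:02:51Z user=bob src=198.51.100.7 result=failure
2023-06-02T10:02:58Z user=bob src=198.51.100.7 result=failure
2023-06-02T10:03:05Z user=bob src=198.51.100.7 result=success
2023-06-02T14:30:00Z user=alice src=192.0.2.99 result=success
"""

if __name__ == "__main__":
    for a in review_audit_log(SAMPLE_LOG.splitlines(), KNOWN_NETWORKS):
        print(f"{a.when} {a.rule:<14} user={a.user} {a.detail}")
```

Run on the constructed log this raises three alerts: alice's 23:40 login (odd hours), bob's success after three failures, and alice's first login from 192.0.2.99. The rules only fire on successful logins because a failure is not yet access; the failures are still counted so the burst is visible when the guess finally works.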
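The A10 mitigation above, an allowed set of destinations combined with a deny of the internal address ranges, as a worked example. This is added example code, not code from the original post: the function names (check_outbound_url, is_safe_destination), the hostnames and the FAKE_DNS answers are assumptions made so that the example runs offline; in production the resolver argument would be the system resolver shown.

```python
"""Outbound-URL check for the A10 mitigation above (added example; not code from
the original post). The hostnames and DNS answers below are constructed so the
example runs offline; FAKE_DNS stands in for a real resolver.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


class SSRFBlocked(ValueError):
    """Raised when a user-supplied URL must not be fetched by the server."""


def is_public(addr) -> bool:
    """The deny-list half: private, loopback, link-local (cloud metadata) and
    other special-purpose ranges are never valid destinations."""
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def system_resolver(host):
    """Resolve with the OS resolver (production use; the example uses FAKE_DNS)."""
    return [ipaddress.ip_address(info[4][0]) for info in socket.getaddrinfo(host, None)]


def check_outbound_url(url, allowed_hosts, resolver=system_resolver):
    """Validate url before the server fetches it.

    Returns (hostname, address, port). Connect to the returned address and send
    the hostname in the Host header, so that a second DNS lookup by the HTTP
    client cannot swap in an internal address after the check (DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("credentials in URL are not allowed")   # user@host confusion
    host = parts.hostname
    if not host:
        raise SSRFBlocked("missing host")
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        raise SSRFBlocked("invalid port") from None
    if port not in ALLOWED_PORTS:
        raise SSRFBlocked(f"port {port} not allowed")
    # The allow-list half: only hosts the application is meant to talk to.
    if host not in {h.lower() for h in allowed_hosts}:
        raise SSRFBlocked(f"host {host!r} not on the allow list")
    try:
        addresses = resolver(host)
    except OSError as exc:
        raise SSRFBlocked(f"{host} did not resolve: {exc}") from None
    if not addresses:
        raise SSRFBlocked(f"{host} did not resolve")
    internal = [a for a in addresses if not is_public(a)]
    if internal:
        raise SSRFBlocked(f"{host} resolves to non-public address {internal[0]}")
    return host, addresses[0], port


def is_safe_destination(url, allowed_hosts, resolver=system_resolver) -> bool:
    """Boolean wrapper for callers that only need an allow/deny answer."""
    try:
        check_outbound_url(url, allowed_hosts, resolver)
        return True
    except SSRFBlocked:
        return False


# Constructed DNS answers for the example (not real hosts).
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.example.com": ["169.254.169.254"],   # a link-local metadata-style address
    "intranet.example.com": ["10.0.0.5"],
}


def fake_resolver(host):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


ALLOWED_HOSTS = {"api.example.com", "metadata.example.com"}

if __name__ == "__main__":
    for url in ("https://api.example.com/v1/report",
                "https://metadata.example.com/latest/meta-data/",
                "http://intranet.example.com/",
                "http://127.0.0.1/admin",
                "https://api.example.com@intranet.example.com/",
                "file:///etc/passwd"):
        verdict = "allowed" if is_safe_destination(url, ALLOWED_HOSTS, fake_resolver) else "blocked"
        print(f"{url} -> {verdict}")
```

Two points the check does not cover on its own: the HTTP client must actually connect to the address returned here rather than resolving the name again, and redirects must either be disabled or each hop passed through the same check, otherwise an allowed host can bounce the server to an internal one.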