OWASP Top 10 application security risks

Discover OWASP Top 10 application security risks, including articles, news, trends, analysis and practical advice about OWASP Top 10 application security risks on alibabacloud.com

OWASP released 2013 top ten web application security vulnerabilities

The authoritative security organization OWASP has just updated its Top 10: https://www.owasp.org/index.php/top_10_2013-top_10 The ten security vulnerabilities: 1. Injection, including SQL, operating system, and LDAP injection. 2. Problematic identification of session management. 3. Cross-site scripting attacks (XSS). 4. Unsafe

OWASP (Open Web Application Security Project) Top Ten for JavaScript

exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data. Cross-Site Request Forgery (CSRF): A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerab

Top 10 most important Web security risks 3-A3-Incorrect authentication and session management

OWASP Top 10, third threat: "corrupted authentication and session management". In short, attackers can obtain the session ID by eavesdropping on the user name and password when accessing HTTP, or by session, then impersonate the user's HTTP access process. Because HTTP itself is stateless, that is to say, each HTTP access request carries a personal credential, and the session ID is used to track the status, session

12th: eliminate security risks in the cradle - use Microsoft .NET to protect data and application security

2005.3.22 ou yanliang. Course Introduction: How to apply the features in .NET Framework to protect code security. Basic Content: Familiar with .NET Development. Course Arrangement: Authentication; Authorization; Encryption; Strongly-named assembly; Code access security; Middle Layer Security; How to Avoid SQL Injection. Authentication: Use Credential to uniquely identify a

Security risks of Web application systems

Today, with the rapid evolution of Web technology and the vigorous development of e-commerce, many new applications developed by enterprises are Web applications; in addition, Web services are increasingly used to integrate or interact with Web applications. These trends bring about the following problems: the growth of Web applications and services has exceeded the security training and security awareness

Top 10 active security measures for Web Application Security

sites still store user passwords in plain text and adopt an outdated hash algorithm, attackers can easily obtain user-related information. Many functions of some sites depend on the existing database design and related structured data, which makes it very difficult to modify users' hash algorithms in the future. 8: SSL, cookie set HTTPONLY and STS. Any website that does not support SSL encrypted transmission is vulnerable to man-in-the-middle attacks. HTTPONLY and STS are not set for cookies, and they a

Top 10 open source web application firewalls (WAF) for webapp security

application. It is based on new technology and it can use existing code to provide protection. Binarysec: Binarysec is a web application software firewall, and it protects applications against illegitimate HTTP and blocks suspicious requests as well. It provides protection against Cross Site Scripting, command injections, parameter tampering, buffer overflow, directory traversal, SQL Injection and attack obstruc
