Lecture: The dark and stormy world of Web Application Security

Lecture: The dark and stormy world of Web Application Security
OWASP TOP 10 https://www.owasp.org/index.php/Main_Page
- Top 10 attack technologies used by hackers.

• A1: Injection - SQL injection

   Non-SQL: MangoDB... can it be sql injected? Yes.

  XML injection.

• A2: Cross-Site Scripting (XSS)

even though you try to replace <script>

<sc<script>ript>alert(1)</script>

• A3: Broken Authentication and Session Management

SSL ->HTTPS 

• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage

Hashes -hash collison (Don't need to worry about when amount of transactions is small), Asym, Sym

• A8: Failure to Restrict URL Access

ACEGI in Java

• A9: Insufficient Transport Layer Protection

SSL, TLS: Transport Layer Security

• A10: Unvalidated Redirects and Forwards