Web Vulnerabilities, or the Top 5 OWASP Web Vulnerabilities

Web Vulnerability

What Are Web Vulnerabilities

A web vulnerability is a weakness or misconfiguration in a website or web application's code that allows an attacker to gain some level of control of the site, and possibly the hosting server.

Types Of Web Vulnerabilities

SQL Injections- Web Vulnerability

An SQL injection is one of the most commonly exploited website vulnerabilities. It is frequently used to gain access to open source content management system (CMS) applications, such as Joomla, WordPress, and Drupal.

This allows the cybercriminal to access the website in a variety of ways, including:

  • Injecting malicious/spam posts into a site
  • Stealing customer information
  • Bypassing authentication to gain full control of the website

Broken Authentication & Session management- Web Vulnerability

A broken authentication web vulnerability can allow an attacker to use manual and/or automated means to try to gain control over any account they want in a system – or even worse – to gain complete control over the system.

Broken authentication usually refers to logic issues in the application's authentication mechanism, like bad session management prone to username enumeration.

Sensitive data exposures- Web Vulnerability

Sensitive data exposure is one of the most widespread web vulnerabilities. It consists of compromising data that should have been protected.

Examples of Sensitive Data

Some sensitive data that requires protection is:

  • Passwords
  • Credit card numbers
  • Credentials
  • Social Security Numbers
  • Health information
  • Personally Identifiable Information
  • Other personal information

Cross-Site Scripting (XSS) – Web Vulnerability

An XSS web vulnerability occurs when attackers inject scripts through unsanitized user input or other fields on a website to execute code on the site.

Cross-site scripting is used to target website visitors, rather than the website or server itself. This often means attackers are injecting JavaScript on the website so that the script is executed in the visitor’s browser. Browsers are unable to discern whether or not the script is intended to be part of the website, resulting in malicious actions, including:

  • Hijacked sessions
  • Spam content
  • Stolen session data

Some of the largest-scale attacks against WordPress have been from cross-site-scripting vulnerabilities.

Broken Access Control- Web Vulnerabilities

Access control means putting a limit on what sections or pages visitors can reach.

For example, leaving login pages easily accessible is a problem with almost all major content management systems (CMS) these days. By default, they give worldwide access to the admin panel. Most of them also won’t force you to establish a second-factor authentication method (2FA).

About Sachin Tiwari 81 Articles
I am a software engineer and have an interest in web security or cybersecurity. I love to learn about website security topics and share them with others.
