Kiểm soát truy cập là một khía cạnh quan trọng để đảm bảo an ninh của các ứng dụng web. Các lỗ hổng kiểm soát truy cập bị hỏng có thể dẫn…
Tag: ethical
Broken Access Control
Il controllo degli accessi è un aspetto critico per garantire la sicurezza delle applicazioni web. Le vulnerabilità del controllo degli accessi difettoso possono portare a accessi non autorizzati, divulgazione di dati e…
Broken Access Control
El control d’accés és un aspecte crític per garantir la seguretat de les aplicacions web. Les vulnerabilitats del control d’accés trencat poden portar a l’accés no autoritzat, a la divulgació de dades…
Broken Access Control
El control de acceso es un aspecto crítico para garantizar la seguridad de las aplicaciones web. Las vulnerabilidades de control de acceso incorrecto pueden llevar a accesos no autorizados, divulgación de datos…
Identification and Authentication Failures – VIDEO
Authentication-related vulnerabilities, previously known as Broken Authentication, have become a significant concern. This category now includes weaknesses in identification processes. Notable vulnerabilities in this realm include CWE-297, CWE-287, and CWE-384. Properly confirming…
Vulnerable and Outdated Components – VIDEO
Vulnerable Components pose a unique challenge in application security, as they lack mapped Common Vulnerability and Exposures (CVEs) and are often difficult to test. In this post, we will explore the impact…
Insecure Design – VIDEO
Insecure design and architectural flaws are a new category of risks for 2021, and it is crucial to move beyond “shift-left” in the coding space to pre-code activities critical for the principles…
Security Misconfiguration – VIDEO
Misconfigurations in application security can pose a significant risk to organizations, potentially leading to unauthorized access, data breaches, and exploitation. It is alarming to note that approximately 90% of applications undergo testing…
Injection – VIDEO
Injection attacks pose a significant security threat to modern applications, with SQL, NoSQL, OS command, ORM, LDAP, and EL or OGNL injection being the most common types. Developers and organizations can prevent…
Security Logging and Monitoring Failures – VIDEO
In the ever-evolving landscape of cybersecurity, the significance of security logging and monitoring cannot be overstated. This category has risen to #3 in the OWASP Top 10 2021, highlighting its critical role…