OWASP Top 10 - A10 Unvalidated Redirects and Forwards
Description: If a user is redirected or forwarded to a page defined by an unverified…
OWASP Top 10 - A9 Using Components with Known Vulnerabilities
Description: Known software vulnerabilities are available to everyone on the Internet. If an attacker knows…
OWASP Top 10 - A8 Cross-Site Request Forgery (CSRF)
Description: An attacker sends a request to a website you are authenticated on to execute…
OWASP Top 10 - A7 Missing Function Level Access Control
Description: In a web application with different user roles, authentication is not enough. Each request…
OWASP Top 10 - A6 Sensitive Data Exposure
Description: We have seen in the previous articles that an experienced attacker can easily intercept…
OWASP Top 10 - A5 Security Misconfiguration
Description: Nowadays, besides the operating system and the JRE, most of the Java applications are…
OWASP Top 10 - A4 Insecure Direct Object References
Description: The application exposes a direct reference (functional identifier, database key, file path…) to a…
OWASP Top 10 - A3 Cross Site Scripting (XSS)
Description: Cross-Site Scripting is a specific consequence of an injection attack. The goal is to…
OWASP Top 10 - A2 Broken Authentication and Session Management
Description: The attacker steals his victim’s credentials or any information that will help him…
Description: The attacker sends untrusted data that will be injected in the targeted application to…
When starting a new web application, the security risks are sadly often underestimated by everyone…