4/18/2021 0 Comments Owasp Web Application Checklist
Insecure Direct Object References and Missing Function Level Access Controls merged to A5:2017-Broken Access Control.The attackers hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes.Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser.
External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks. Attackers can exploit these flaws to access unauthorized functionality andor data, such as access other users accounts, view sensitive files, modify other users data, change access rights, etc. Not only must all operating systems, frameworks, libraries, and applications be securely configured, but they must be patched and upgraded in a timely fashion. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. Also, hackers in recent years are increasingly targeting w eb applications, since most networks are closely m onitored through Intrus ion Detec - tion Systems ( IDS ) and firewalls. Mamoona Humayun Mamoona Humayun This person is not on ResearchGate, or hasnt claimed this research yet. Zartasha Gul Zartasha Gul This person is not on ResearchGate, or hasnt claimed this research yet. Owasp Web Application Checklist Download Citation CopyAnsar Abbas The Islamia University of Bahawalpur Show all 5 authors Hide Download full-text PDF Read full-text Download full-text PDF Read full-text Download citation Copy link Link copied Read full-text Download citation Copy link Link copied Citations (17) References (21) Figures (10) Abstract and Figures In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. Owasp Web Application Checklist Software Development ModelThe vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.. Closely matched keywords.. Quality evaluation checklist. Phases of web applications in which VDMs are applied.. Studies with percentage according to year. Form for data extraction. Figures - available via license: Creative Commons Attribution 4.0 International Content may be subject to copyright. Discover the worlds research 20 million members 135 million publications 700k research projects Join for free Public Full-text 1 Available via license: CC BY 4.0 Content may be subject to copyright. ![]() ![]() The vul nerabilities existing in the web ap plication layer have been attributed either to using a n inappropriate software develo pment model to guide the deve - lopment process, or the use of a software development model that does not consider security as a key factor. The study extracted 519 publications f rom respectable scientific sources, i.e. After detailed review proces s, only 56 key primary studies were con sidered for this review based on defined inclusion and exclusion criteria. In our SLR, we have performe d a deep analysis on web applicatio n security vulnerabilities detection methods which help us to identif y the scope of SLR for comprehensivel y investigation in the fut ure research. Further in t his SLR considering OWASP Top 10 web application vulnera bilities discovered in 2012, we will attem pt to categories the accessible vulnerabilitie s. OWASP is major source to construct and validate web security processes and standards. Keywords Software Development Lifecycle, Web Applications, Security Vul nerabilities, Systematic Literature Review.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |