6. Top Web Security Risks
● OWASP:
– The Open Web Application Security Project.
– Website: https://www.owasp.org
– The OWASP Top Ten Project: https://www.owasp.org/index.php/Top_10
7. Top Web Security Risks
A1. Injection
A2. Broken Authentication And Session Management
A3. Cross-Site Scripting (XSS)
A4. Insecure Direct Object References
A5. Security Misconfiguration
A6. Sensitive Data Exposure
A7. Missing Function Level Access Control
A8. Cross-Site Request Forgery (CSRF)
A9. Using Known Vulnerable Components
A10. Unvalidated Redirects And Forwards
8. Web App Security Test Tools
● A1. Injection → W3AF
● A2. Broken Authentication And Session Management → HackBar
● A3. Cross-Site Scripting → ZAP
● A4. Insecure Direct Object References → Burp Suite
● A5. Security Misconfiguration → Watobo
9. Web App Security Test Tools
● A6. Sensitive Data Exposure → Calomel Addon
● A7. Missing Function Level Access Control → Wikto
● A8. Cross-Site Request Forgery → Tamper Data
● A9. Using Known Vulnerable Components → Dependency Check
● A10. Unvalidated Redirects And Forwards → Watcher