Published on February 19th, 2020 | by Sunit Nandi


Web Application Security Standards

With every good thing comes something bad. As web applications grow in number, they have also become the number one target for security breaches and hacks. The Open Web Application Security Project (OWASP) has therefore compiled a list of critical security flaws, which gives developers a clear-cut set of priorities when it comes to security standards for web applications.

These flaws are widely acknowledged in the developer community. OWASP is a non-profit organization that provides practical information of all kinds on application security. Its list of flaws is known as the OWASP Top Ten. Let us take a look.

The OWASP Top 10

Injection

These flaws occur when an interpreter receives untrusted data as part of a query or command.

Cross-Site Scripting (XSS)

These flaws occur when an application includes untrusted data in a new page without adequate validation or escaping.
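As an added illustration that is not part of the original article, the Python snippet below renders the same untrusted values into a page with and without escaping, then parses each result to show which tags and attributes actually survive. The input strings and function names are constructed for this example.

```python
import html
from html.parser import HTMLParser

# Constructed sample of untrusted input, as it might arrive from a profile form.
UNTRUSTED_NAME = "<script>alert(1)</script>"
UNTRUSTED_TITLE = 'x" onmouseover="alert(1)'


def render_profile_unsafe(name: str, title: str) -> str:
    """Vulnerable: untrusted data is concatenated straight into the markup."""
    return f'<h1>Welcome, {name}</h1><input value="{title}">'


def render_profile_safe(name: str, title: str) -> str:
    """Hardened: every untrusted value is HTML-escaped before it is inserted.

    quote=True also escapes " and ', which is what keeps a value inside an
    attribute from breaking out of the quotes and adding new attributes.
    """
    safe_name = html.escape(name, quote=True)
    safe_title = html.escape(title, quote=True)
    return f'<h1>Welcome, {safe_name}</h1><input value="{safe_title}">'


class _TagCollector(HTMLParser):
    """Records every start tag and attribute name the browser-side parser would see."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)


def audit(rendered: str) -> tuple[list[str], list[str]]:
    """Return (tags, attribute names) found in the rendered page."""
    parser = _TagCollector()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.attrs


if __name__ == "__main__":
    # Unsafe output gains a <script> tag and an onmouseover handler; safe output does not.
    print(audit(render_profile_unsafe(UNTRUSTED_NAME, UNTRUSTED_TITLE)))
    print(audit(render_profile_safe(UNTRUSTED_NAME, UNTRUSTED_TITLE)))
```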

Broken Authentication

Attackers can often compromise keys, passwords, and so on when the application's authentication and session management functions are not implemented correctly.

Security Misconfiguration

This is the most common issue, and it usually results from default configurations that are poorly secured. All operating systems, libraries, frameworks, and other components must not only be configured securely but also be upgraded and patched promptly.

Insecure Direct Object References

This usually leads to remote code execution. It can also be the cause of attacks of all kinds.

Sensitive Data Exposure

This flaw points out the fact that many applications protect sensitive data poorly, such as healthcare, financial, or personally identifiable information (PII). If such data is not appropriately protected, this weakness can cause a lot of trouble.

Insufficient Monitoring and Logging

This flaw, combined with missing or ineffective integration with incident response, can enable severe attacks and much more.

Broken Access Control

This means that restrictions on what an authorized user can and cannot do are sometimes not enforced correctly.

XML External Entities

This flaw refers to older or poorly configured XML processors that evaluate external entity references. These external entities can be used to disclose internal files through the file URI handler or internal file shares, and to carry out denial-of-service attacks.

Using Components with Known Vulnerabilities

Various components, including frameworks and libraries, run with the same privileges as the application. If a vulnerable component is exploited, it may lead to data loss or, worse, a server takeover.

This information was taken from source, which aims to resolve your queries if you’re working on web application projects.


About the Author


I'm the leader of Techno FAQ. Also an engineering college student with immense interest in science and technology. Other interests include literature, coin collecting, gardening and photography. Always wish to live life like there's no tomorrow.
