Unvalidated Redirects and Forwards - OWASP #10

URL redirections to internal and external destinations are a pretty common occurrence. Almost all modern-day websites and applications use redirects or URL forwarding to send visitors to other internal pages or external sources.

Full Article
Sensitive Data Exposure - OWASP #7

Sensitive data leakage is a leading cause of embarrassment and data exploitation worldwide. This blog post will discuss number six on the Open Web Application Security Project (OWASP) top ten list, sensitive data exposure.

Full Article
Security Misconfiguration - OWASP #6

Threats that arise from insecure configuration of underlying components and modules within a web environment are grouped under Security Misconfiguration vulnerabilities. This category occupies the 6th slot in the list of OWASP Top-10 web vulnerabilities.

Full Article
Cross-Site Request Forgery (CSRF) - OWASP #5

Cross-Site Request Forgery, also known as one-click attack or session riding, is a type of exploit where unauthorized actions are transmitted from a user's browser to the attacked website without the user's knowledge.

Full Article
Cross-Site Scripting (XSS) - OWASP #3

Third in the list of OWASP Top 10 web security vulnerabilities, Cross-Site Scripting is fundamentally different from the first two vulnerabilities discussed so far. Instead of targeting the server environment, Cross-Site Scripting (XSS) is executed on the client side using the web browsing program as the attacking medium.

Full Article
SQL Injection Attacks and how to prevent them - OWASP #1

There have been more high-profile cases of SQL injections causing total mayhem than we can count. But what are SQL injections anyway? Which high-profile websites have been exposed because of them? And most importantly, how can you protect yourself against them?

Full Article