A Guide to Web Application Security for Beginners
What is web application security?
Web application security means applying security practices to web services. We want to protect the front end of an application to prevent abuse of the back end or user data. Most vulnerabilities are in the Application layer of the OSI model. How can we detect and prevent these web vulnerabilities?
OWASP is an organization that strives to improve software security. They research CWEs (basically CVEs) and build the Top 10 list from the most common web vulnerabilities.
OWASP Top 10
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery
Side Note: Burp Suite is a well-known web application security tool owned by PortSwigger. Their website includes whitepapers on different web vulnerabilities, including all of the Top 10. Here’s the website…