Creado por Namita Tomar
hace alrededor de 6 años
|
||
Injection : What ? Untrusted user input is interpreted by server and executed What is impact ? Data modified and stolen. How to prevent it ? - Reject invalid/untrusted input - Use latest frameworks - Hire penetration testers
Broken Authentication and session management What it is ? Incorrectly build auth and session management which allow attackers to impersonate other users. Impact ? Attacker can take identity of victim. How to prevent? Don't develop your own authentication scheme
Cross Site Scripting (XSS) What it is ? Untrusted user input is interpreted by Browser and executed. What is the impact ? Hijack user sessions, deface websites and change content How to prevent it ? Escape untrusted data use latest UI framework.
Broken Access Control What it is ? Restrictions on what authenticated users are allowed to do are not properly enforced. Impact ? Attackers can access data, view sensitive files and modify data How to prevent it ? - Check access rights to UI level and server level for the requests to resources. - Deny access by default
Security Misconfiguration What it is ? Human mistake of misconfigurating the system Impact ? Depends on misconfiguration. worst misconfiguration can result in loss of data. How to prevent it ? - Force change of default credentials - Least privilege to system - Static code that scan code for default settings - Keep patching, updating and testing the system - Regularly audit system deployment in production.
Sensitive Data Exposure What it is ? Sensitive data is exposed eg, social security number, passwords, health records. Impact ? Data that is lost, corrupted or exposed have serious implications on business continuity. How to prevent it ? - Always obscure data. - update cryptographic algorithm - use salted encryption on storage of passwords
¿Quieres crear tus propios Apuntes gratis con GoConqr? Más información.