Created by Namita Tomar
about 6 years ago
Injection
What is it? Untrusted user input is interpreted by the server and executed.
What is the impact? Data is modified and stolen.
How to prevent it?
- Reject invalid/untrusted input
- Use the latest frameworks
- Hire penetration testers

Broken Authentication and Session Management
What is it? Incorrectly built authentication and session management that allows attackers to impersonate other users.
What is the impact? An attacker can take on the identity of the victim.
How to prevent it? Don't develop your own authentication scheme.

Cross-Site Scripting (XSS)
What is it? Untrusted user input is interpreted by the browser and executed.
What is the impact? Hijacked user sessions, defaced websites and changed content.
How to prevent it?
- Escape untrusted data
- Use the latest UI framework

Broken Access Control
What is it? Restrictions on what authenticated users are allowed to do are not properly enforced.
What is the impact? Attackers can access data, view sensitive files and modify data.
How to prevent it?
- Check access rights at the UI level and at the server level for every request to a resource
- Deny access by default

Security Misconfiguration
What is it? Human mistake of misconfiguring the system.
What is the impact? Depends on the misconfiguration; the worst cases can result in loss of data.
How to prevent it?
- Force a change of default credentials
- Apply least privilege to the system
- Use static code analysis to scan code for default settings
- Keep patching, updating and testing the system
- Regularly audit the system deployment in production

Sensitive Data Exposure
What is it? Sensitive data is exposed, e.g. social security numbers, passwords, health records.
What is the impact? Data that is lost, corrupted or exposed has serious implications for business continuity.
How to prevent it?
- Always obscure data
- Keep cryptographic algorithms up to date
- Use salted hashing when storing passwords