OWASP Top Web Application Security Risks

Listen to this Post

The OWASP Top 10 is a list of the most critical web application security risks, curated by the Open Web Application Security Project (OWASP). It provides guidance for developers, security professionals, and organizations to identify, mitigate, and prevent common vulnerabilities in web applications. An update is planned for the first half of 2025.

Broken Access Control (A01:2021)

  • Description: Improperly enforced permissions allow unauthorized access to resources or actions.
  • Examples: Privilege escalation, accessing restricted files, modifying other users’ data.

You Should Know:

 Linux command to check file permissions 
ls -la /var/www/html

Prevent directory traversal in Apache 
sudo nano /etc/apache2/apache2.conf 
 Add: 
<Directory /var/www/> 
Options -Indexes 
AllowOverride None 
Require all granted 
</Directory> 

Cryptographic Failures (A02:2021)

  • Description: Inadequate or improper use of cryptography exposes sensitive data.
  • Examples: Storing passwords in plaintext, using weak encryption algorithms.

You Should Know:

 Generate strong SSL certificate 
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Check weak ciphers in OpenSSL 
openssl ciphers -v 'DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!SSLv2' 

Injection (A03:2021)

  • Description: Untrusted input is sent to an interpreter, allowing attackers to execute commands.
  • Examples: SQL injection, Command injection.

You Should Know:

-- Parameterized query example (Prevent SQLi) 
SELECT  FROM users WHERE username = ? AND password = ?; 
 Sanitize input in Bash scripts 
read -p "Enter input: " user_input 
sanitized_input=$(echo "$user_input" | sed 's/[^a-zA-Z0-9]//g') 

Security Misconfiguration (A05:2021)

  • Description: Improperly configured servers, frameworks, or applications expose vulnerabilities.
  • Examples: Default credentials, verbose error messages, open cloud storage.

You Should Know:

 Disable Apache server signature 
sudo nano /etc/apache2/conf-enabled/security.conf 
 Set: 
ServerTokens Prod 
ServerSignature Off 

Vulnerable and Outdated Components (A06:2021)

  • Description: Using libraries, frameworks, or dependencies with known vulnerabilities.

You Should Know:

 Check outdated packages in Linux 
apt list --upgradable

Scan for vulnerabilities using OWASP Dependency-Check 
dependency-check --project MyApp --scan /path/to/src 

Server-Side Request Forgery (SSRF) (A10:2021)

  • Description: Exploiting server functionality to access internal systems or resources.

You Should Know:

 Block SSRF via iptables (Linux) 
sudo iptables -A OUTPUT -d 192.168.1.0/24 -j DROP 

OWASP Resources:

What Undercode Say

Web security is a continuous battle. Implementing strong access controls, encryption, input validation, and monitoring reduces risks. Always update dependencies, enforce least privilege, and log suspicious activities.

Expected Output:

 Sample secure log analysis command 
grep "Failed password" /var/log/auth.log | awk '{print $1,$2,$3,$9}' | sort | uniq -c 

References:

Reported By: Nett Owasp – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image