OWASP or Open Web Security Project is a non-profit charitable organization focused on improving the security of software and web applications. The organization publishes a list of top web security vulnerabilities based on the data from various security organizations.

The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.

- Exploitability – What is needed to exploit the security vulnerability? Highest exploitability is when the attack needs only a web browser, and lowest is when it needs advanced programming and tools.
- Detectability – How easy is it to detect the threat? Highest being the information displayed on URL, Form or Error message and lowest being source code.
- Impact or Damage – How much damage will be done if the security vulnerability is exposed or attacked? Highest being complete system crash and lowest being nothing at all.

The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most important security vulnerabilities.

The Top 10 security vulnerabilities as per OWASP Top 10 are:

- Broken Authentication and Session Management.
- Insufficient Transport Layer Protection.

Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user-supplied data. Injection occurs when the user input is sent to an interpreter as part of a command or query and tricks the interpreter into executing unintended commands, giving access to unauthorized data.

The SQL command, when executed by the web application, can also expose the back-end database.

- An attacker can inject malicious content into the vulnerable fields.
- Sensitive data like User Names, Passwords, etc.
- Database data can be modified (Insert/Update/Delete).
- Administration Operations can be executed on the database.

Logging into an application without having valid credentials. Valid userName is available, and password is not available. SQL query created and sent to Interpreter as below
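The following is an added example, not code or a query from the original page: it reproduces the login scenario the page describes (a valid user name, no valid password) against a login check built by string concatenation, next to the parameterized form that fixes it. The table, the user `alice`, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample data).
    Plaintext passwords keep the example short; real systems store salted hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def build_query_vulnerable(user_name, password):
    # User input is pasted into the SQL text, so the interpreter
    # cannot tell where the data ends and the command begins.
    return ("SELECT COUNT(*) FROM users WHERE user_name = '" + user_name +
            "' AND password = '" + password + "'")

def login_vulnerable(db, user_name, password):
    return db.execute(build_query_vulnerable(user_name, password)).fetchone()[0] > 0

def login_parameterized(db, user_name, password):
    # The statement text is fixed; inputs are bound as values only,
    # so quotes and keywords inside them are never parsed as SQL.
    row = db.execute(
        "SELECT COUNT(*) FROM users WHERE user_name = ? AND password = ?",
        (user_name, password),
    ).fetchone()
    return row[0] > 0

# Constructed input: a known user name plus a "password" containing SQL syntax.
CRAFTED_PASSWORD = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Shows how the WHERE clause changes shape once the input is concatenated.
    print(build_query_vulnerable("alice", CRAFTED_PASSWORD))
    print("vulnerable login accepted:   ", login_vulnerable(db, "alice", CRAFTED_PASSWORD))
    print("parameterized login accepted:", login_parameterized(db, "alice", CRAFTED_PASSWORD))
    print("correct password accepted:   ", login_parameterized(db, "alice", "correct-horse"))
```

Printing the concatenated query makes the flaw visible in review: the quote in the input closes the string literal, and the rest of the input becomes part of the statement.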