By Neil Denslow
The Open Web Application Security Project has released a list of the top 10 web vulnerabilities. Unvalidated parameters are number one on the list.
The Open Web Application Security Project (OWASP) has released a list of the top 10 web vulnerabilities. Unvalidated parameters, which means that information from web requests is not validated before being used by a web application, are number one on the list. Attackers can use such flaws to attack backend components through a web application.

OWASP, a voluntary open source group, has released the list in order to help organisations avoid the most serious vulnerabilities. These flaws are seen to be as serious as network security problems and should be given the same degree of attention.

“These flaws are surprisingly common and can be exploited by unsophisticated attackers with easily available tools. When an organisation deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Therefore, web application code is part of the security perimeter and cannot be ignored,” the group says.

The complete Top 10 is as follows:

1) Unvalidated parameters
2) Broken access control
3) Broken account and session management
4) Cross-site scripting (XSS) flaws
5) Buffer overflows
6) Command injection flaws
7) Error handling problems
8) Insecure use of cryptography
9) Remote administration flaws
10) Web and application server misconfiguration