We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Wed 15 Jan 2003 04:00 AM

Font Size

- Aa +

Top 10 critical web security problems

The Open Web Application Security Project has released a list of the top 10 web vulnerabilities. Unvalidated parameters are number one on the list.

The Open Web Application Security Project (OWASP) has released a list of the top 10 web vulnerabilities. Unvalidated parameters, which mean that information from web requests is not validated before being used by a web application, are number one on the list. Attackers can use such flaws to attack backside components through a web application.OWASP, a voluntary open source group, has released the list in order to help organisation avoid the most serious vulnerabilities. These flaws are seen to be as serious as network security problems and should be given the same degree of attention.“These flaws are surprisingly common and can be exploited by unsophisticated attackers with easily available tools. When an organisation deploys a web application, they invite the world to send HTTP requests. Attacks buried in these requests sail past firewalls, filters, platform hardening, SSL, and IDS without notice because they are inside legal HTTP requests. Therefore, web application code is part of the security perimeter and cannot be ignored,” the group says.The complete Top 10 is as follows:1) Unvalidated parameters2) Broken access control3) Broken account and session management4) Cross-site scripting (xss) flaws5) Buffer overflows6) Command injection flaws7) Error handling problems8) Insecure use of cryptography9) Remote administration flaws10) Web and application server misconfiguration

Arabian Business: why we're going behind a paywall

For all the latest business news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.

Read next