Web App Security

TABLE OF CONTENTS

01 What is web app security?
02 OWASP Foundation
03 Top 10 Web Application Security Risks
04 Cryptographic Failures - SQL Injection
01 What is Web App Security?

Web Application Security

Refers to the practice of protecting web applications from threats and
attacks that could compromise their integrity, confidentiality and
availability. It means implementing security measures and adopting best
practices to prevent common vulnerabilities.

● Integrity: refers to ensuring that data maintains its accuracy and completeness.
● Confidentiality: is about limiting access to information to authorized users only.
● Availability: ensures that services and resources are accessible when needed, without unauthorized interruptions.
02 OWASP Foundation

OWASP Foundation

Works to improve software security through its community-driven open source
software projects, hundreds of chapters worldwide, tens of thousands of
members, and by hosting local and global conferences.
03 Top 10 Web App Security Risks

Top 10 Web App Security Risks

1 Broken Access Control
2 Cryptographic Failures
3 Injection
4 Insecure Design
5 Security Misconfiguration
6 Vulnerable and Outdated Components
7 Identification and Authentication Failures
8 Software and Data Integrity Failures
9 Security Logging and Monitoring Failures
10 Server-Side Request Forgery
04.1 Cryptographic Failures
04.2 SQL Injection
Cryptographic Failures

Poor cryptography directly affects the security of an application and its
data. Lack of security can let attackers steal and modify data to conduct
fraud and identity theft, which can lead to serious consequences.
Attackers try to steal keys, execute man-in-the-middle attacks, or steal
data from the server, in transit, or from the browser. This again leads to
the compromise of sensitive information.

What is a MITM (man-in-the-middle) attack?

● A man-in-the-middle (MITM) attack is a general term for when a
perpetrator positions himself in a conversation between a user and
an application, either to eavesdrop on or impersonate one of the
parties, making it appear as if a normal exchange of information is
taking place.
● Broadly speaking, a MITM attack is the equivalent of a postman
opening your bank statement, writing down your account details, and
then resealing the envelope and delivering it to your home.
SQL Injection
● SQL injection (SQLi) is a web security vulnerability
that allows an attacker to interfere with the queries
that an application makes to its database. This can
allow an attacker to view data that they are not
normally able to retrieve. This might include data
that belongs to other users, or any other data that
the application can access. In many cases, an
attacker can modify or delete this data, causing
persistent changes to the application's content or
behavior.
● In some situations, an attacker can escalate a SQL
injection attack to compromise the underlying
server or other back-end infrastructure. It can also
enable them to perform denial-of-service attacks.
What is the impact of a successful
SQL Injection attack?
A successful SQL injection attack can result in unauthorized access to
sensitive data, such as:

● Passwords.
● Credit card details.
● Personal user information.

SQL injection attacks have been used in many high-profile data breaches
over the years. These have caused reputational damage and regulatory fines.
In some cases, an attacker can obtain a persistent backdoor into an
organization's systems, leading to a long-term compromise that can go
unnoticed for an extended period.
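The mechanism behind the SQL injection slides above, as an added example that is not part of the original deck: a lookup that pastes user input into the SQL text next to the same lookup with a bound parameter. The table, rows and inputs are constructed here; `sqlite3` from the Python standard library stands in for the application's database.

```python
import sqlite3

# Constructed in-memory database standing in for the application's user table.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (username, secret) VALUES (?, ?)",
                     [("alice", "alice-secret"), ("bob", "bob-secret")])
    return conn

def lookup_vulnerable(conn, username):
    # The 'before' pattern: input is spliced into the query text, so a quote in
    # the input closes the string literal and whatever follows is parsed as SQL.
    query = "SELECT username, secret FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, username):
    # The fix: the query text never changes; the driver binds the input as a
    # value, so it is compared as data and cannot alter the query's structure.
    query = "SELECT username, secret FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()

def lookup_vulnerable_safely(conn, username):
    # Wrapper returning the error instead of raising, so the caller can see
    # that the concatenated form breaks even on an honest name with an apostrophe.
    try:
        return lookup_vulnerable(conn, username)
    except sqlite3.OperationalError as exc:
        return str(exc)

# Constructed inputs: a tampered username containing a quote, and a legitimate
# name that happens to contain one.
TAMPERED = "nobody' OR '1'='1"
HONEST_QUOTE = "O'Brien"

def demo():
    conn = build_db()
    return {
        # Concatenation: the quote changes the WHERE clause, every row comes back.
        "vulnerable": lookup_vulnerable(conn, TAMPERED),
        # Binding: no user is literally named "nobody' OR '1'='1", so no rows.
        "parameterized": lookup_parameterized(conn, TAMPERED),
        # Concatenation also fails on ordinary data: a syntax error, not a match.
        "vulnerable_honest": lookup_vulnerable_safely(conn, HONEST_QUOTE),
        "parameterized_honest": lookup_parameterized(conn, HONEST_QUOTE),
    }
```

SQL syntax errors appearing in application logs whenever a user submits a name with an apostrophe are a cheap early signal that a code path builds queries by concatenation.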
