
Lab - Investigating OWASP

Objectives
Part 1: OWASP Top 10
Part 2: OWASP Community Pages

Background / Scenario
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to web
application security. About every three years, OWASP publishes a list of the Top 10 most critical web
security concerns facing organizations. The objective of this report is to raise awareness of web
application security and to help organizations incorporate this information into their processes to minimize
and mitigate security risks.
OWASP also accepts community contributions of security-related content. The OWASP Community Pages
provide a list of attacks and vulnerabilities reported by the community.
In this lab, you will explore the OWASP Top 10 from 2021 and a few of the attacks and vulnerabilities
reported by community contributors.

Required Resources
• Internet access

Instructions

Part 1: OWASP Top 10


a. Navigate to the OWASP Top 10 (https://owasp.org/Top10).
b. At the time of this writing, the draft of the latest Top 10 list was published in 2021.
Question:

Review the Top 10 categories. Pick 3 categories out of the Top 10. In the table below, list your chosen
categories. Then briefly describe the category and some of the ways to prevent attacks in the category.

Top 10 Category | Description | Prevention
A01: Broken Access Control | Occurs when users can access data or functions they should not have permission for. | Implement role-based access controls (RBAC) and validate access rules in the backend.
A05: Security Misconfiguration | Insecure configurations in servers, databases or applications that can be exploited. | Apply hardening to systems, disable unnecessary features and perform security audits.
A02: Cryptographic Failures | Exposure of sensitive data due to a lack of encryption or the use of weak algorithms. | Use TLS 1.2/1.3 and AES-256 encryption, and never store passwords in plain text.
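The A01 row recommends enforcing access rules in the backend. The following is an added example (not part of the lab or of OWASP's material) contrasting a lookup that only authenticates the caller with one that also checks role and ownership server-side; the session store, users and invoices are constructed sample data.

```python
# Added example (not part of the lab): the A01 Broken Access Control row.
# The backend takes identity and role from its own session store and checks
# the access rule itself; it never trusts a role or owner claimed by the client.

# Constructed sample data standing in for a session store and a database.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-carol": "carol"}
USERS = {"alice": "user", "bob": "user", "carol": "admin"}
INVOICES = {101: {"owner": "alice", "total": 120.0},
            102: {"owner": "bob", "total": 75.5}}


class Forbidden(Exception):
    """Access rule failed; the web layer maps this to HTTP 403 (or 404)."""


def get_invoice_vulnerable(session_token, invoice_id):
    # Authenticates the caller but never asks who owns the invoice, so any
    # logged-in user can step through ids and read other users' records.
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return INVOICES[invoice_id]


def get_invoice_safe(session_token, invoice_id):
    # Role-based rule enforced server-side: owners see their own invoices,
    # admins see all, everyone else is refused.
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not logged in")
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise Forbidden("no such invoice")
    if USERS[user] != "admin" and invoice["owner"] != user:
        # Same generic refusal as a missing id, so the response does not
        # confirm that the invoice exists.
        raise Forbidden("no such invoice")
    return invoice


def can_read(session_token, invoice_id):
    # Convenience wrapper: True if the hardened check grants access.
    try:
        get_invoice_safe(session_token, invoice_id)
        return True
    except Forbidden:
        return False
```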

© 2021 - 2025 Cisco and/or its affiliates. All rights reserved. Cisco Public Page 1 of 2 www.netacad.com
Part 2: OWASP Community Pages


The OWASP Community Pages allow security-related contributions from the community. In this part, you will
review the Vulnerabilities pages to investigate the attack techniques reported by the contributors.
a. Navigate to the OWASP Community Page for Vulnerabilities (https://owasp.org/www-community/vulnerabilities/).
OWASP defines a vulnerability as a flaw in the application that a threat actor can exploit.
Question:

Review the List of Vulnerabilities and pick 3. In the table below, list your chosen vulnerabilities. Briefly
describe the vulnerability and some of the ways to prevent exploitation.

Vulnerabilities | Description | Prevention
SQL Injection | Occurs when an attacker inserts malicious SQL code into a database query. | Use prepared statements instead of SQL query concatenation.
Security Misconfiguration | Weak configurations in servers, databases or applications that can be exploited. | Disable unnecessary services and permissions.
Unvalidated Redirects and Forwards | An attacker manipulates a URL to redirect users to malicious sites. | Avoid redirects based on user-supplied parameters.
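The SQL Injection row names prepared statements as the prevention. As an added example (not from the lab or OWASP), the lookup below is written both ways against a constructed in-memory SQLite table so the difference in behaviour on the same input can be observed.

```python
# Added example (not part of the lab): the SQL Injection row.
# The same username lookup built by string concatenation (vulnerable) and with
# a prepared statement whose parameter is bound by the driver (the prevention).
import sqlite3

# Constructed sample data; in a real application this is the users table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?)",
                 [("alice", "hash-a"), ("bob", "hash-b")])


def find_user_vulnerable(username):
    # The caller's input becomes part of the SQL text, so quotes and operators
    # inside it change what the query means (e.g. "' OR '1'='1" matches all).
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_safe(username):
    # The SQL text is fixed; '?' is a bind parameter and the value travels
    # separately, so the database only ever compares it as data.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))
```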

b. Navigate to the OWASP Community Page for Attacks. (https://owasp.org/www-community/attacks).


According to OWASP, an attack is a technique used to exploit application vulnerabilities.
Question:

Review the List of Attacks and pick 3. In the table below, list your chosen attacks. Then briefly describe
the attack and some of the ways to prevent it.

Attacks | Description | Prevention
XSS | Injection of scripts into browsers. | CSP and input sanitization.
CSRF | Malicious requests in active sessions. | CSRF tokens and SameSite cookies.
DoS/DDoS | Overloading the system with malicious traffic. | Firewalls, IDS/IPS and load balancing.
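The CSRF row lists tokens and SameSite cookies as the prevention. The following added example (not from the lab or OWASP) issues a session-bound anti-CSRF token, verifies it in constant time on a state-changing request, and builds the SameSite session cookie header; SERVER_KEY and the session ids are constructed.

```python
# Added example (not part of the lab): the CSRF row.
# A per-session anti-CSRF token checked on state-changing requests, plus the
# Set-Cookie header that keeps the session cookie off cross-site requests.
import hashlib
import hmac
import secrets

# Constructed server-side secret; in production load it from a secret store.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    # Token = HMAC(server key, session id): unforgeable without the key and
    # bound to one session, so a token copied from another session fails.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id, submitted_token):
    # Reject anything that is not an ASCII string before comparing, then use
    # compare_digest so timing does not reveal how many characters matched.
    if not isinstance(submitted_token, str) or not submitted_token.isascii():
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted_token)


def session_cookie_header(session_id):
    # SameSite=Strict: the browser never attaches this cookie to a request
    # initiated from another site, so a forged request arrives unauthenticated.
    return ("Set-Cookie: session=%s; Path=/; HttpOnly; Secure; SameSite=Strict"
            % session_id)


def handle_transfer(session_id, form):
    # A state-changing POST is accepted only when the form carries the token
    # issued for this very session. Returns (status, message).
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "CSRF token missing or invalid"
    return 200, "transfer of %s accepted" % form["amount"]
```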
