OWASP - Top 8 To 10
A08:2021 – Software and Data Integrity Failures
Software and data integrity failures relate to code and infrastructure that does not protect against integrity violations. An example of this is where an application relies upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks (CDNs). An insecure CI/CD (continuous integration and continuous delivery or deployment) pipeline can introduce the potential for unauthorized access, malicious code, or system compromise.
How to Prevent
4. Use software supply chain security tools
• Tools such as OWASP CycloneDX (for producing and consuming a software bill of materials) and OWASP Dependency-Check help security teams determine whether the application's components contain known vulnerabilities.
5. Follow a pipeline deployment standard
• The CI/CD pipeline used to build and deploy the application should have proper segregation, access control, and configuration, so that the integrity of the code is preserved through the entire build, delivery, and deployment flow.
6. Encrypt and validate all data
• Unsigned or unencrypted serialized data must not be sent to untrusted clients without an integrity check or a digital signature. The check lets the receiver detect tampering with, or replay of, the serialized data.
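What the supply chain tools in item 4 do, reduced to its core: read the components listed in an SBOM, match each one against an advisory feed by package URL, and report the affected versions. The block below is an added example, not code from OWASP CycloneDX or Dependency-Check. The SBOM and the advisory feed are constructed inline: the log4j-core entry mirrors the real CVE-2021-44228 range (log4j-core before 2.15.0, simplified to numeric versions), while `payments-core`, `example-widget` and the advisory id `EXAMPLE-2024-0001` are hypothetical.

```python
import json
from typing import Dict, List, Optional, Tuple

# Constructed CycloneDX-style SBOM for this example. A real SBOM would come from a
# build plugin or the CycloneDX CLI; this one is hand-written and deliberately
# includes a vulnerable version, a clean component, and one with no package URL.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "payments-core", "version": "3.2.0",
     "purl": "pkg:maven/com.example/payments-core@3.2.0"},
    {"type": "library", "name": "example-widget", "version": "1.1.0",
     "purl": "pkg:npm/example-widget@1.1.0"},
    {"type": "library", "name": "internal-helper", "version": "0.3.0"}
  ]
}
"""

# Constructed advisory feed, keyed by package URL without the version part.
# The first entry mirrors the real CVE-2021-44228 (Log4Shell) range for log4j-core,
# simplified to plain numeric versions; example-widget / EXAMPLE-2024-0001 are
# hypothetical and exist only for this example.
ADVISORIES: Dict[str, List[Dict[str, str]]] = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": [
        {"id": "CVE-2021-44228", "introduced": "2.0", "fixed": "2.15.0"},
    ],
    "pkg:npm/example-widget": [
        {"id": "EXAMPLE-2024-0001", "introduced": "1.0.0", "fixed": "1.2.0"},
    ],
}


def version_key(version: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into (2, 14, 1) for comparison. Non-numeric suffixes such as
    '-beta9' are dropped, which is good enough for this example but not for a
    production matcher (semver pre-release ordering is more subtle)."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def split_purl(purl: str) -> Tuple[str, Optional[str]]:
    """Split 'pkg:type/namespace/name@version' into (purl without version, version)."""
    base, sep, version = purl.partition("@")
    return base, (version if sep else None)


def affected(version: str, advisory: Dict[str, str]) -> bool:
    """True if introduced <= version < fixed."""
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def scan_sbom(sbom_json: str, advisories=ADVISORIES) -> List[Dict[str, str]]:
    """Return one finding per (component, advisory) match. Components that carry
    no package URL cannot be matched at all, so they are reported rather than
    silently skipped: a silent skip is how a vulnerable dependency stays invisible."""
    sbom = json.loads(sbom_json)
    findings: List[Dict[str, str]] = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            findings.append({"component": comp.get("name", "?"), "id": "NO-PURL",
                             "note": "no package URL; cannot be matched against advisories"})
            continue
        base, version = split_purl(purl)
        for adv in advisories.get(base, []):
            if version is not None and affected(version, adv):
                findings.append({"component": purl, "id": adv["id"], "fixed": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for finding in scan_sbom(SBOM_JSON):
        print(finding)
```

The two things worth taking from this: matching is only as good as the identifiers in the SBOM (a component without a purl or CPE is a blind spot, which is why the example reports it), and the version-range logic is where real tools spend most of their effort; the simplified `version_key` here would mis-order pre-release versions.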
EXAMPLES:
Update without signing
• Many applications ship with an auto-update feature but do not verify the update with a digital signature before installing it. An unsigned update gives a threat actor who can tamper with the update channel the opportunity to push malicious code onto the targeted system. This is a serious issue with no direct fix for the versions already deployed; the only remedy is to add signature verification in a future version and wait for the older versions to age out.
Insecure deserialization
• A React application calls a set of Spring Boot microservices, and the developers want to ensure that their code is immutable. The solution they settle on is serializing user state and passing it back and forth with each request. An attacker notices the "rO0" Java object signature in the traffic (the base64 encoding of the Java serialization stream's magic bytes) and uses the Java Serial Killer tool to gain remote code execution on the application server.
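The deserialization scenario above and prevention item 6 (an integrity check or signature on serialized data) share one fix: carry state in a data-only format, authenticate it, and verify before parsing. The block below is an added example, not code from the page or from any Spring or React project. It shows the "rO0" detection the attacker relies on, turned around as a guard; a JSON state envelope protected with HMAC-SHA256 and an issue time for replay detection; and the attacker's tamper attempt being rejected. The key `SERVER_KEY` and the 900-second `max_age` are constructed assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import json
from typing import Any, Dict

# Constructed key for this example only. In a real deployment the key lives in a
# secret store on the server and is never sent to the client.
SERVER_KEY = b"constructed-example-key-do-not-reuse-0123456789"

# A Java serialization stream starts with STREAM_MAGIC 0xACED. In base64 that is
# the "rO0" prefix the attacker in the scenario spots in traffic.
JAVA_STREAM_MAGIC = b"\xac\xed"


def looks_like_java_serialized(data_b64: str) -> bool:
    """True if the base64 text decodes to a Java object stream."""
    try:
        raw = base64.b64decode(data_b64, validate=True)
    except (ValueError, binascii.Error):
        return False
    return raw.startswith(JAVA_STREAM_MAGIC)


def _b64e(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.b64decode(text, validate=True)


def seal_state(state: Dict[str, Any], issued_at: int, key: bytes = SERVER_KEY) -> str:
    """Serialize state as JSON and append an HMAC-SHA256 tag: '<payload_b64>.<tag_b64>'."""
    envelope = {"iat": issued_at, "state": state}
    payload = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(tag)


def open_state(token: str, now: int, max_age: int = 900, key: bytes = SERVER_KEY) -> Dict[str, Any]:
    """Reject object streams and verify the tag BEFORE parsing anything, then
    reject stale envelopes (a replayed token) before returning the state."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = _b64d(payload_b64), _b64d(tag_b64)
    except (ValueError, binascii.Error):
        raise ValueError("malformed token")
    if looks_like_java_serialized(payload_b64):
        raise ValueError("refusing to deserialize a Java object stream")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):          # constant-time comparison
        raise ValueError("integrity check failed: payload altered or wrong key")
    envelope = json.loads(payload)                      # data only, never a native object graph
    if now - int(envelope["iat"]) > max_age:
        raise ValueError("token too old: possible replay")
    return envelope["state"]


def tamper(token: str, new_role: str) -> str:
    """The attacker's attempt: edit the payload but reuse the original tag."""
    payload_b64, tag_b64 = token.split(".")
    envelope = json.loads(_b64d(payload_b64))
    envelope["state"]["role"] = new_role
    forged = json.dumps(envelope, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return _b64e(forged) + "." + tag_b64


def is_accepted(token: str, now: int) -> bool:
    """Convenience wrapper for callers that only need a yes/no."""
    try:
        open_state(token, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    token = seal_state({"user": "alice", "role": "user"}, issued_at=1_700_000_000)
    print("genuine accepted:", is_accepted(token, now=1_700_000_100))
    print("forged accepted: ", is_accepted(tamper(token, "admin"), now=1_700_000_100))
    print("replayed accepted:", is_accepted(token, now=1_700_000_000 + 86_400))
```

HMAC is enough here because the same server both seals and opens the state. For the unsigned-update case above the receiver is an end user who must hold only a public key, so a digital signature (for example Ed25519 through a library such as `cryptography`) takes the place of the HMAC; the order of operations, verify first and parse only what passed, stays the same.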
Based on the figure
1. An attacker identifies the agency's insecure CI/CD pipeline and inserts malicious code that makes its way into production.
2. Customers unknowingly download the malicious update from the agency's update servers.
3. The malicious update connects back out of the customer's environment, and the attacker uses it to gain access to the customer's network.
A09:2021 – Security Logging and Monitoring Failures
Security logging and monitoring failures occur when a system or application fails to log or monitor security events properly. Without those records, attackers can gain and keep unauthorized access to systems and data without being detected.
Some of the most common security logging and monitoring failures include:
• Not logging important security events: failed login attempts, unauthorized access to sensitive data, or changes to system configurations.
• Not monitoring logs for suspicious activity: repeated failed login attempts, unusual traffic patterns, or changes to system configurations.
• Not storing logs for long enough: this makes it difficult to investigate security incidents that occurred in the past.
• Not having a process for reviewing and responding to security logs: this allows security incidents to go undetected and unaddressed.
• Insecure logging and monitoring systems: attackers who can access or modify the logs can erase the trail of their own activity.
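The first two failures in the list (not logging failed logins, not monitoring for repeated failures from one source) are the easiest to turn into a concrete check. The block below is an added example, not from the page: a small detector run over constructed sshd-style log lines that uses documentation IP ranges and no real system's data. It flags a source that exceeds a threshold of failed logins inside a sliding window, and escalates when that same source later logs in successfully, which is the pattern a password-guessing attacker leaves behind. The threshold of 5 failures in 60 seconds is an assumption chosen for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Constructed sshd-style log lines for the example (TEST-NET addresses, not from
# any real host). One source hammers the server and then gets in; another user
# fails twice, far apart, which should not trigger anything.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z sshd[4211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2024-03-01T10:00:03Z sshd[4211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
2024-03-01T10:00:04Z sshd[4215]: Accepted publickey for deploy from 198.51.100.20 port 40110 ssh2
2024-03-01T10:00:06Z sshd[4211]: Failed password for root from 203.0.113.7 port 51024 ssh2
2024-03-01T10:00:09Z sshd[4211]: Failed password for root from 203.0.113.7 port 51025 ssh2
2024-03-01T10:00:12Z sshd[4211]: Failed password for oracle from 203.0.113.7 port 51026 ssh2
2024-03-01T10:00:15Z sshd[4230]: Accepted password for oracle from 203.0.113.7 port 51027 ssh2
2024-03-01T10:05:00Z sshd[4240]: Failed password for alice from 198.51.100.33 port 50000 ssh2
2024-03-01T10:20:00Z sshd[4241]: Failed password for alice from 198.51.100.33 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    """Return (timestamp, outcome, user, ip) or None for lines this parser does not know."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["outcome"], m["user"], m["ip"]


def detect(log_text: str, threshold: int = 5, window_seconds: int = 60) -> List[Dict[str, object]]:
    """Sliding-window brute-force detection per source IP, escalated on later success."""
    alerts: List[Dict[str, object]] = []
    recent_failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    flagged = set()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # in production, count unparsed lines too: a parser gap is a blind spot
        ts, outcome, user, ip = parsed
        if outcome == "Failed":
            q = recent_failures[ip]
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop failures that fell out of the window
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"severity": "medium", "type": "brute_force", "ip": ip,
                               "failures_in_window": len(q), "at": ts.isoformat()})
        elif ip in flagged:
            # A successful login from a source already guessing passwords is the
            # signal that matters most: the guessing probably worked.
            alerts.append({"severity": "high", "type": "success_after_brute_force", "ip": ip,
                           "user": user, "at": ts.isoformat()})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Two of the listed failures are visible in what this cannot do: if failed logins are never written (the first bullet) there is nothing to count, and if the logs are rotated away before anyone looks (the third bullet) the window has already closed.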
Real-life example of security logging and monitoring failures: the 2013 Target data breach
Attackers gained access to Target's network using credentials stolen from a third-party HVAC vendor, which the vendor used to reach Target's systems through a vendor portal. Once inside, the attackers moved to the point-of-sale (POS) systems and installed memory-scraping malware that harvested customers' credit and debit card numbers.
One key contributing factor was a failure to act on what was being logged: Target's security tooling raised alerts as the attackers staged their malware, but the alerts were not investigated, and the suspicious activity (a vendor account reaching into the POS environment, card data being collected and exfiltrated) went unaddressed until outside investigators notified the company.
How Can You Protect Against Security
Logging and Monitoring Failures?
The key to protecting against security logging and
monitoring failures is to log all critical security events
and monitor them for suspicious activity. Let’s dive into
what that means: