Web Security: Chaitanya Pathak MD Sanjer Alam Nadeem Malik Dr. Mainuddin

This document discusses web security and common web vulnerabilities. It defines web security as the security of websites, web applications, and web services. It then lists several common categories of web vulnerabilities, including broken authentication, broken access controls, SQL injection, cross-site scripting, information leakage, and cross-site request forgery. The document also discusses the OWASP top 10 list of web vulnerabilities and provides more details on some specific vulnerabilities like SQL injection and cross-site scripting.

Uploaded by Nadeem Malik

WEB SECURITY

BY:
CHAITANYA PATHAK
MD SANJER ALAM
NADEEM MALIK

UNDER THE GUIDANCE OF:
DR. MAINUDDIN
WEB SECURITY

Branch of Information Security.
Deals specifically with the security of websites, web applications and web services.
Web applications perform every useful function implemented online. Examples:
Shopping (Amazon)
Social networking (Facebook)
Banking (Citibank)
Web search (Google)
Auctions (eBay)
Web mail (Gmail)
Interactive information (Wikipedia)
With a new class of technology comes a new range of security vulnerabilities.
The most serious attacks are those that gain unrestricted access to the back-end systems which run the application.
Some common categories of vulnerability:
Broken Authentication (62% of all cases)
Broken Access Controls (71% of all cases)
SQL Injection (32% of all cases)
Cross-Site Scripting (94% of all cases)
Information Leakage (78% of all cases)
Cross-Site Request Forgery (92% of all cases)

OWASP TOP 10
2013
A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Insecure Direct Object References
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Known Vulnerable Components
A10 - Unvalidated Redirects and Forwards
Broken Authentication
Encompasses various defects within the application's login mechanism.
Enables attackers to guess weak passwords, launch a brute-force attack or bypass the login.

Broken Access Controls
Involves cases where the application fails to properly protect access to its data and functionality.
SQL Injection
Enables attackers to submit crafted input to interfere with the application's interaction with back-end databases.
Attackers are able to retrieve arbitrary data from the application, interfere with its logic or execute commands on the database server itself.

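As an added example (not from the slides), the following Python/sqlite3 snippet shows what "crafted input" means for a query built by string concatenation, beside the parameterized form that hands the value to the database as data; the users table and the test inputs are constructed for the demo.

```python
import sqlite3

# Constructed in-memory table standing in for the application's back-end database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("o'neil", "user")])
    return conn

def lookup_unsafe(conn, username):
    """Vulnerable: the untrusted value is spliced into the SQL text, so quote
    characters in the input become part of the statement the database parses."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, username):
    """Hardened: the value is bound as a parameter; the database receives the
    statement and the data separately, so the input cannot change the query's
    structure whatever characters it contains."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()

def demo():
    conn = make_db()
    results = {}
    # 1. Ordinary lookup: both versions behave the same.
    results["plain_unsafe"] = lookup_unsafe(conn, "bob")
    results["plain_safe"] = lookup_safe(conn, "bob")
    # 2. A legitimate name containing an apostrophe breaks the concatenated
    #    query (syntax error), while the parameterized query simply finds the row.
    try:
        lookup_unsafe(conn, "o'neil")
        results["apostrophe_unsafe"] = "no error"
    except sqlite3.OperationalError:
        results["apostrophe_unsafe"] = "syntax error"
    results["apostrophe_safe"] = lookup_safe(conn, "o'neil")
    # 3. Constructed crafted input that turns the WHERE clause into a tautology:
    #    the concatenated query returns every row, the bound one returns none.
    crafted = "x' OR '1'='1"
    results["crafted_unsafe_rows"] = len(lookup_unsafe(conn, crafted))
    results["crafted_safe_rows"] = len(lookup_safe(conn, crafted))
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The same difference applies to any database driver: bind values with placeholders and the driver never lets input alter the statement's structure.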
Cross-Site Scripting
Enables attackers to target other users of the application, gaining access to their data, performing unauthorized actions on

Information Leakage
Involves cases where an application divulges sensitive information that is of use to an attacker in developing an assault against the application, through defective error handling or other behavior.

Cross-Site Request Forgery
Application users are induced to perform unintended actions on the application within their privilege level.
Allows a malicious web site visited by the victim user to interact with the application
THE END
