A web application is an application program that is stored on a remote server and delivered over the Internet through a browser interface. Web applications can be designed for a wide variety of uses and can be used by anyone, from an organization to an individual, for many reasons. Web application security risk is the potential for loss or damage, such as loss of money or privacy, when a threat exploits a vulnerability. In this video, we walk you through the top 5 web application security risks.
Injection: Injection flaws occur when attackers send invalid data to a code interpreter. The data is passed to the web application via user data submission fields. Invalid data causes the interpreter to perform actions for which it was not programmed.
Sensitive data exposure: Sensitive data exposure is one of the most prevalent vulnerabilities. Inappropriate and insufficient API security policies, processes and practices allow attackers to access and use sensitive data. Stolen data can be used for credit card fraud, etc.
Broken access control: When access controls are misconfigured, attackers can simply bypass authorization and perform actions they should not be allowed to do, for example deleting data or meddling with access rights.
Insecure deserialization: Primarily targeted against applications that constantly serialize and deserialize data, insecure deserialization leads to remote code execution, privilege escalation attacks, injection attacks, and more.
Insufficient logging and monitoring: Effective and regular logging and monitoring processes are essential for more agile and effective application security. Inefficient and insufficient processes coupled with an ineffective response significantly increase security risks. They give attackers leeway to orchestrate new attacks, tamper with data, and more.
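To make the injection risk described above concrete, the following added example (not part of the original article) shows a lookup that pastes form-field text into a SQL string next to the same lookup using a bound parameter. The table, function names and sample inputs are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return db


def lookup_vulnerable(db, username):
    # Form-field text is pasted into the SQL string, so the interpreter
    # parses it as part of the statement instead of treating it as a value.
    query = (
        "SELECT username, email FROM accounts WHERE username = '"
        + username + "'"
    )
    return db.execute(query).fetchall()


def lookup_safe(db, username):
    # The ? placeholder sends the text as a bound value; it is never
    # parsed as SQL, whatever characters it contains.
    query = "SELECT username, email FROM accounts WHERE username = ?"
    return db.execute(query, (username,)).fetchall()


# Constructed form input: the quote closes the string literal early,
# so the remainder is interpreted as SQL by the vulnerable version.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, CRAFTED))  # every row
    print("safe:      ", lookup_safe(db, CRAFTED))        # no rows
    print("safe:      ", lookup_safe(db, "o'brien"))      # one row
```

The concatenating version also fails on the legitimate name `o'brien` with a SQL syntax error, which is often the first visible sign of this flaw in testing.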