16 OWASP Top 10

This chapter covers

  • Discovering what OWASP is and what it does
  • Exploring how relevant the OWASP Top 10 is
  • Learning how the OWASP Top 10 is created
  • Looking at how each item in the OWASP Top 10 relates to this book
  • Noting other security-related lists of risks

OWASP (https://owasp.org) is a nonprofit organization that advocates for web application security. It was founded in September 2001 and has since produced a wide range of content and offerings:

  • Events, local and global
  • Cheat sheets for various kinds of attacks, with technology-specific advice
  • Checklists and guidelines for security testing
  • Software such as the OWASP Zed Attack Proxy, ZAP (see chapter 15)
  • Training material such as the Juice Shop, an application with many (intentional) security vulnerabilities
  • And much more

The best-known OWASP project, however, is the OWASP Top 10 list, which we will cover in this chapter, along with other top 10 lists. Not surprisingly, we have covered all aspects of these lists in previous chapters (or, at least, have good reasons why we didn’t). This chapter serves as a refresher on many things we discussed earlier in this book and reiterates how the threats from the list items may be mitigated with ASP.NET Core.

16.1 OWASP Top 10

16.1.1 Top 10 creation process

16.1.2 #1: Broken access control

16.1.3 #2: Cryptographic failures

16.1.4 #3: Injection

16.1.5 #4: Insecure design

16.1.6 #5: Security misconfiguration

16.1.7 #6: Vulnerable and outdated components

16.1.8 #7: Identification and authentication failures

16.1.9 #8: Software and data integrity failures