Application Security Flashcards
What is OWASP?
The Open Web Application Security Project
• Non-profit organisation
– Local chapters in most countries, also in Norway
• OWASP promotes security awareness and security
solutions for Web application development.
• OWASP Top-10 security risks identify the most critical
security risks of providing online services
– The Top 10 list also recommends relevant security solutions.
• OWASP ASVS (Application Security Verification Standard)
specifies requirements for application-level security.
• Provides and maintains many free tools for scanning for and
fixing security vulnerabilities
What is the OWASP Top 10 vulnerabilities list?
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
What are the main vulnerabilities?
– SQL Injection
– XSS - Cross-Site Scripting
– Broken authentication and session management
Explain SQL Injection.
• Database system misinterpretation of input data
– Attacker disguises SQL commands as data-input
– Disguised SQL commands = ‘injected’ SQL commands
• With SQL injection, an attacker can get complete
control of the database
– no matter how well the system is patched,
– no matter how well the firewall is configured.
• The vulnerability exists when the web application fails to
sanitize data input before sending it to the database
• The flaw is in the web application, not in the SQL database
Explain XSS - Cross-Site Scripting.
Data provided by users to a web application is stored
persistently on server (in database, file system, …)
and later displayed to users in a web page.
• Typical example: online message boards.
• Attacker uploads data containing malicious script to
server.
• Every time the vulnerable web page is visited, the
malicious script gets executed in client browser.
• Attacker needs to inject script just once
What is broken authentication and session management?
User authentication does not necessarily provide continuous
authentication assurance
– User authentication is only at one point in time
• Insecure implementation of session control with a static
session Id which is passed in the URL
– Unfortunately this can be misused
• Recommendations for session Ids must be followed
– E.g. from OWASP
• Examples of controls for session Id:
– Link session Id to e.g. IP address, TLS session Id
Explain Cloud Computing.
It is when a network of remote servers hosted on the Internet is used to store and process data, instead of having a local server or computer.
The use of shared computing for the purpose of providing efficiencies, performance, reliability, scalability and security.
What is DevSecOps?
Built-in security. Configuration management.
What are the benefits (technical, business) of DevSecOps?
Technical benefits:
1. Continuous software delivery
2. Less complex problems to fix
3. Faster resolution of issues when they arise
4. Secure environment
Business benefits:
1. Faster delivery of features
2. More stable operating environments
3. More time available to add value (rather than waste it with fixes/maintenance)
4. No breaches / better image
STRIDE threat modeling
- Spoofing: Can an attacker gain access using a false identity?
- Tampering: Can an attacker modify data as it flows through the application?
- Repudiation: If an attacker denies doing something, can we prove he did it?
- Information disclosure: Can an attacker gain access to private or potentially injurious data?
- Denial of Service: Can an attacker crash or reduce the availability of the system?
- Elevation of privilege: Can an attacker assume the identity of a privileged user?