OWASP Top 10s


Web security is such a broad topic to talk about. There are numerous vulnerability scanning tools available these days that can check your application and provide comprehensive reports. 

While it is impossible to know what next attack on your site will be, we need to be ready to deal with any possibilities. One of the preparation steps is to review the top vulnerabilities learned from history.  



The OWASP Top 10 provides a list of the 10 Most Critical Web Application Security Risks
and for each Risk it provides:
  • A description
  • Example vulnerabilities
  • Example attacks
  • Guidance on how to avoid
  • References to OWASP and other related resources

Comments

  1. RayanApril 14, 2017 at 4:28 AM

    owasp top 10 in which malicious scripts are injected into the otherwise benign and trusted web sites. good one, it is really helpful.

    ReplyDelete

Post a Comment

Popular posts from this blog

SP optimization with TVF, View

Had problem with a SP, SP has a few parameters SP unions three queries and then filter by a parameter and then return data  One of the three queries links a TVF with a few tables The TVF links a standard view with a few tables The View links several tables, however not all tables are used by the TVF Symptom: One table used by the TVF has many scan count and slows down the SP Optimization options: Bring the parameter to the three queries referenced by the SP - no effect Modify the TVF and pass in the SP parameter - Speed up 4x Replace the view with the base table and remove unused tables - Speed up 4x
Read more

Project Professional 2013 Error 12015

Image
Got an error 12015 when opening Project Professional 2013.  Clicking the More info and it shows this: <detail><ServerExecutionFault xmlns="http://Microsoft.Office.Project.Interfaces/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Actor i:nil="true"/><LastError>12015</LastError><Message/><Source/><StackTrace/><TargetSite i:nil="true"/><ExceptionDetails><errinfo xmlns=""><general><class name="ActiveCacheUnsupportedProjectProfessionalVersion"><error id="12015" name="ActiveCacheUnsupportedProjectProfessionalVersion" uid="315f3c6b-46fa-e411-80d9-00155d106504" version="15.0.4569.1504"/></class></general></errinfo></ExceptionDetails></ServerExecutionFault></detail> and the second error message is: According technet ( http://blogs.technet.com/b/p...
Read more

SSRS issue on SQL Server 2012 SP3 -The version of the report server database is either in a format that is not valid, or it cannot be read

When windows update pushed SQL Server 2012 SP3 to the database server on the weekend, we received an error on SSRS: "The version of the report server database is either in a format that is not valid, or it cannot be read." I googled around and found this post on TechNet: https://social.technet.microsoft.com/wiki/contents/articles/32360.sspr-troubleshooting-the-version-of-the-report-server-database-is-either-in-a-format-that-is-not-valid-or-it-cannot-be-read.aspx I was surprised that a major SP would contain such an issue as most IT shops won't bother with the many CUs and choose to stay with SPs. The fix is upgrade to SP3 CU6 for us. Microsoft recommends to go with the latest CU, which is CU9. List of SQL Server Versions for reference:  http://sqlserverbuilds.blogspot.ca/
Read more