The flashcards below were created by user
on FreezingBlue Flashcards.
what is the OWASP Top Ten
a list of the 10 most critical web application security risks at the time of its release
where do these attacks come from (threat agents)
how easy is the attack to perform (exploitability of the attack vector)
how common is the weakness (prevalence)
how easy is the weakness to detect (detectability)
how severe is the technical impact on the infrastructure
what will a successful attack cost the business (business impact)
3 primary defence approaches
- input validation - never trust user input
- attack surface reduction - don't expose functionality users don't need
- classification and prioritization of threats - deal with the most likely and most severe ones first
2 types of input validation
- blacklist (deny-list) validation - enumerate input that should never come from a user and block it; inherently incomplete, because the list can never cover every bad input
- whitelist (allow-list) validation - define exactly what valid input looks like and allow only that; the stronger approach, because anything not explicitly allowed is rejected
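The two approaches side by side, as an added example that is not part of the original cards. The deny-list fragments, the username rules and the sample inputs are all constructed for illustration; the point is that a payload the deny-list never anticipated passes it, while an allow-list rejects it without knowing anything about attacks.

```python
import re

# Constructed sample inputs for a "username" field (not from the page).
SAMPLE_INPUTS = [
    "alice",
    "bob_99",
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",
    "admin' OR '1'='1",
    "a" * 65,
]

# Blacklist (deny-list) validation: enumerate fragments that should never come
# from a user and block anything containing one. Hypothetical list; it can never
# be complete, which is why the onerror payload above slips through it.
DENY_FRAGMENTS = ("<script", "' or", "--", ";")


def blacklist_validate(value: str) -> bool:
    """Return True (accept) if the value contains none of the known-bad fragments."""
    lowered = value.lower()
    return not any(fragment in lowered for fragment in DENY_FRAGMENTS)


# Whitelist (allow-list) validation: describe exactly what a valid username looks
# like (character set and length bound) and reject everything else.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def whitelist_validate(value: str) -> bool:
    """Return True (accept) only if the whole value matches the allowed pattern.

    fullmatch is used rather than match/search so a trailing newline or any
    extra character after a valid prefix is still rejected."""
    return USERNAME_RE.fullmatch(value) is not None


def compare(values):
    """Map each input to (blacklist_accepts, whitelist_accepts) so the gap between
    the two approaches is visible side by side."""
    return {v: (blacklist_validate(v), whitelist_validate(v)) for v in values}


if __name__ == "__main__":
    for value, (deny_ok, allow_ok) in compare(SAMPLE_INPUTS).items():
        print(f"{value!r:38} blacklist={'accept' if deny_ok else 'reject':6} "
              f"whitelist={'accept' if allow_ok else 'reject'}")
```

Run it and the `<img ... onerror=...>` line is the one to look at: the deny-list accepts it because none of its fragments match, the allow-list rejects it because `<`, spaces and `=` are simply not in the permitted character set.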
- information disclosure
- denial of service
- elevation of privilege
- Forum of Incident Response and Security Teams (FIRST), which maintains the Common Vulnerability Scoring System (CVSS)
- CVSS scores vulnerabilities on a scale of 0 to 10, 10 being the most severe
similarities between XSS and CSRF
- both attack the victim's browser rather than the server directly
- both work around the same-origin policy (SOP): XSS by running the attacker's script inside the vulnerable site's own origin, CSRF by relying on the browser to attach the victim's cookies to a request sent from another site
- Cross-site scripting
- allows attackers to execute scripts in the victim's browser.
- occurs whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping
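The XSS definition above in code, as an added example that is not part of the original cards: one template that concatenates untrusted data into HTML, and the same template with output escaping. The payload and the template are constructed for illustration.

```python
import html

# Constructed attacker-controlled input, e.g. a "name" query parameter (not from
# the page). The leading quote and bracket close the attribute the value lands in,
# then a script tag follows.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_vulnerable(name: str) -> str:
    """Untrusted data concatenated straight into HTML in two contexts: an element
    body and a quoted attribute. This is the pattern the XSS card describes."""
    return f'<p>Hello, {name}</p><input name="q" value="{name}">'


def render_escaped(name: str) -> str:
    """Same template with output encoding: html.escape turns <, >, &, " and '
    into entities, so the browser treats the value as text in both contexts."""
    safe = html.escape(name, quote=True)
    return f'<p>Hello, {safe}</p><input name="q" value="{safe}">'


def contains_script_tag(markup: str) -> bool:
    """Crude check used only for the demonstration: is there a raw <script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(PAYLOAD))
    print("escaped:   ", render_escaped(PAYLOAD))
```

`html.escape` is the right encoder for HTML body and quoted-attribute contexts only; data placed inside a JavaScript string, a URL or a CSS value needs the encoder for that context, which is why the card says "validation or escaping" rather than naming one function.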
- Cross-site request forgery (CSRF)
- forces the logged-on user's browser to send a forged HTTP request to a vulnerable web app
- the browser automatically attaches the user's cookies and any other automatic authentication information, so the forged request looks legitimate to the app
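The CSRF mechanism and the usual fix, as an added example that is not part of the original cards. A dictionary stands in for the browser's request (cookies plus form fields), an in-memory map stands in for the app's session store, and `attacker.example` is a hypothetical site; all of it is constructed for illustration. The vulnerable handler trusts the session cookie alone, so the request the victim's browser sends on the attacker's behalf succeeds; the hardened handler also demands a per-session synchronizer token that only a page served by the app itself could have embedded in the form.

```python
import hmac
import secrets

# Constructed in-memory session store (not from the page): session id -> session data.
SESSIONS = {}


def login(user: str) -> str:
    """Create a session plus a per-session CSRF token; return the session id that
    the app would set as a cookie."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(16)}
    return sid


def _session(request: dict):
    return SESSIONS.get(request["cookies"].get("sid", ""))


def transfer_cookie_only(request: dict) -> str:
    """Vulnerable handler: authenticates by the session cookie alone."""
    sess = _session(request)
    if sess is None:
        return "401 not logged in"
    form = request["form"]
    return f"200 {sess['user']} sent {form['amount']} to {form['to']}"


def transfer_with_token(request: dict) -> str:
    """Hardened handler: additionally requires the synchronizer token. The attacker's
    page on another origin cannot read the app's pages, so it cannot learn the token.
    compare_digest keeps the comparison constant-time."""
    sess = _session(request)
    if sess is None:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf_token"].encode()):
        return "403 csrf token missing or wrong"
    form = request["form"]
    return f"200 {sess['user']} sent {form['amount']} to {form['to']}"


def forged_request(victim_sid: str) -> dict:
    """What the victim's browser sends when a page on attacker.example (hypothetical)
    auto-submits a form to the app. The attacker never sees the cookie; the browser
    adds it because the request is addressed to the app's domain."""
    return {"cookies": {"sid": victim_sid},
            "form": {"to": "attacker", "amount": "1000"}}


def legitimate_request(sid: str) -> dict:
    """Form submitted from the app's own page, which embedded the session's token."""
    return {"cookies": {"sid": sid},
            "form": {"to": "bob", "amount": "10",
                     "csrf_token": SESSIONS[sid]["csrf_token"]}}


if __name__ == "__main__":
    victim = login("alice")
    print("cookie only, forged:  ", transfer_cookie_only(forged_request(victim)))
    print("with token, forged:   ", transfer_with_token(forged_request(victim)))
    print("with token, legitimate:", transfer_with_token(legitimate_request(victim)))
```

The token only helps if it is unpredictable (hence `secrets`) and bound to the session; a token that is the same for every user, or that the app also accepts from a cookie, gives no protection.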
how technically skilled is this group of threat agents? (skill level)
how motivated is this group of threat agents? (motive)
what resources and opportunity does this group of threat agents require? (opportunity)
how well known is this vulnerability to this group of threat agents? (awareness)
how likely is an exploit to be detected? (intrusion detection)
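The risk factors in the cards above (threat agents, ease of attack, prevalence, detectability, technical and business impact, and the threat-agent and vulnerability questions in this last block) combine into a single rating. The example below carries that through, added here and not part of the original cards; it assumes the OWASP Risk Rating Methodology, where each factor takes a preset value between 0 and 9, likelihood and impact are each the average of their factors, each average is banded as LOW (below 3), MEDIUM (3 to below 6) or HIGH (6 and up), and a matrix turns the two bands into an overall severity. The factor values for the finding are constructed.

```python
from statistics import mean

# Constructed factor values for one hypothetical finding (not from the page), each
# one of the methodology's preset 0-9 options.
LIKELIHOOD = {
    # threat agent factors: the questions in the last block of cards
    "skill_level": 6,
    "motive": 4,
    "opportunity": 7,
    "size": 9,
    # vulnerability factors: how easy to find/exploit, how well known, how likely noticed
    "ease_of_discovery": 7,
    "ease_of_exploit": 5,
    "awareness": 6,
    "intrusion_detection": 8,
}
TECHNICAL_IMPACT = {
    "loss_of_confidentiality": 6,
    "loss_of_integrity": 5,
    "loss_of_availability": 5,
    "loss_of_accountability": 7,
}
BUSINESS_IMPACT = {
    "financial_damage": 3,
    "reputation_damage": 4,
    "non_compliance": 5,
    "privacy_violation": 5,
}


def average(factors: dict) -> float:
    """Average of a factor group, rejecting values outside the 0-9 scale."""
    for name, value in factors.items():
        if not 0 <= value <= 9:
            raise ValueError(f"{name}: factor values must be between 0 and 9")
    return mean(factors.values())


def level(score: float) -> str:
    """Band an average: 0 to <3 LOW, 3 to <6 MEDIUM, 6 to 9 HIGH."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


# Overall severity, indexed by (impact level, likelihood level).
SEVERITY = {
    ("LOW", "LOW"): "Note",      ("LOW", "MEDIUM"): "Low",       ("LOW", "HIGH"): "Medium",
    ("MEDIUM", "LOW"): "Low",    ("MEDIUM", "MEDIUM"): "Medium", ("MEDIUM", "HIGH"): "High",
    ("HIGH", "LOW"): "Medium",   ("HIGH", "MEDIUM"): "High",     ("HIGH", "HIGH"): "Critical",
}


def rate(likelihood: dict, impact: dict) -> dict:
    """Combine a likelihood factor group and an impact factor group into a rating.
    The methodology prefers the business impact group when that information is
    available and falls back to technical impact otherwise; pass whichever applies."""
    like = average(likelihood)
    imp = average(impact)
    return {
        "likelihood": like, "likelihood_level": level(like),
        "impact": imp, "impact_level": level(imp),
        "severity": SEVERITY[(level(imp), level(like))],
    }


if __name__ == "__main__":
    for label, impact in (("business", BUSINESS_IMPACT), ("technical", TECHNICAL_IMPACT)):
        print(label, rate(LIKELIHOOD, impact))
```

With these values likelihood averages 6.5 (HIGH) and business impact 4.25 (MEDIUM), so the finding rates High overall; the same vulnerability facing a threat-agent group with less skill, motive and opportunity would drop into the MEDIUM likelihood band and rate Medium, which is exactly what the threat-agent questions are for.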