Technology | Jan 14, 2014

The Top 10 Web Security Risks

Josh Hamit

OWASP Top Ten

Weak web security is a serious risk. Data breaches cost U.S. companies an average of $5.4 million in 2013. To put that in a perspective that scales with your business, it works out to an average of $194 per compromised record (2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013). How many customer records does your application have?

At Credera, one of the ways we serve our clients is by helping them safely and expertly craft web applications with minimal vulnerabilities. We are able to deliver this by coupling our experience building several Fortune 500 websites with industry best practices, such as the research done by the Open Web Application Security Project (OWASP).

Each year, OWASP publishes a top 10 list of security threats to web applications. This year’s list includes the following:

10. Unvalidated Redirects and Forwards

9. Using Components With Known Vulnerabilities

8. Cross-Site Request Forgery (CSRF)

7. Missing Function Level Access Control

6. Sensitive Data Exposure

5. Security Misconfiguration

4. Insecure Direct Object References

3. Cross-Site Scripting (XSS)

2. Broken Authentication and Session Management

Drum roll, please…

And the number one web application vulnerability is…

1. Injection

In the coming weeks we’ll look at each item on the list in detail by helping to define and simplify the problem, discussing common solutions, and sharing some of the ways we help our clients go above and beyond in integrating these approaches into their Software Development Life Cycle.

Look forward to the OWASP Top 10!

Be sure to follow us on Twitter or LinkedIn for more great tips. Have a question related to the blog series or web security in general? Use the comments section below to join the conversation.
