Notes
Notes - notes.io |
OWASP TOP 10
APP - Stds
PCI DSS
HIPPAA
PTES
OSSTMM
OWASP
1.Broken Auth and Session MGMT
Test cases :
Forgotten password controls: RE-authentication
PAssword Strenght: min 7-15+ char
MITM Attacks
Password Storage
Session management : PHPSESSID , JSESSIONID , Session value should randomness , Session tokens
2.Insecure Direct object reference
When an application provides direct access to objects based on user-supplied input by this attacker can bypass authorization and access resources in the system directly.
Horizontal Privilege escalation: when a user tries bypass wth another user then it called
vertical privilege escalation: when a user tries to bypass higher user (admin) then it
3.security misconfiguration
Security misconfiguration caused due to a lack of security implementations | secure coding practice, this can happen at any level of the web application. the eg framework, database, app server, etc
eg: upload your resume - update resume Docx,doc , pdf -> PHP , directory listing(index of /)
4.Sensitive data misconfiguration
Sensitive data misconfiguration occurs when a breach or direct exposure of passwords, tokens, DB_strings, Credit card details, SSN to attackers due to lack of implementation of security measures.
eg: emails disclosed, view finds credentials, etc
5.missing function level access control
This vulnerability enables unauthorized users to access a page or a privileged function that they should not have the ability to access.
ex: robots.txt, XML-RPC , force browsing
6.using the components with known vulnerabilities
when creating the application developers often make use of existing third-party libraries or frameworks to speed up the development and improve the efficiency and quality, but it creates a way for vulnerable code to sneak into the secure application.
7.unvalidated redirects and forwards
this vulnerability occurs when a web app takes the user input and redirect users to the given value without doing any validation
eg : phishing
ganesh.com/id=2//ridr=google.com
8. XSS
9.CSRF
10.injections
|
Notes.io is a web-based application for taking notes. You can take your notes and share with others people. If you like taking long notes, notes.io is designed for you. To date, over 8,000,000,000 notes created and continuing...
With notes.io;
- * You can take a note from anywhere and any device with internet connection.
- * You can share the notes in social platforms (YouTube, Facebook, Twitter, instagram etc.).
- * You can quickly share your contents without website, blog and e-mail.
- * You don't need to create any Account to share a note. As you wish you can use quick, easy and best shortened notes with sms, websites, e-mail, or messaging services (WhatsApp, iMessage, Telegram, Signal).
- * Notes.io has fabulous infrastructure design for a short link and allows you to share the note as an easy and understandable link.
Fast: Notes.io is built for speed and performance. You can take a notes quickly and browse your archive.
Easy: Notes.io doesn’t require installation. Just write and share note!
Short: Notes.io’s url just 8 character. You’ll get shorten link of your note when you want to share. (Ex: notes.io/q )
Free: Notes.io works for 12 years and has been free since the day it was started.
You immediately create your first note and start sharing with the ones you wish. If you want to contact us, you can use the following communication channels;
Email: [email protected]
Twitter: http://twitter.com/notesio
Instagram: http://instagram.com/notes.io
Facebook: http://facebook.com/notesio
Regards;
Notes.io Team