Online security is one of the biggest threats these days, and countries are investing in it amounts comparable to what they spend on border security.

Many countries have developed protections to prevent attacks on their online systems.

Below we share a few of the biggest security threats that could be dangerous in the coming days.

Ten application security risks

1. Injection

Injection flaws such as SQL injection, NoSQL injection, OS command injection, and LDAP injection occur when untrusted data is sent to a parser as part of a command or query. The attacker's malicious data can trick the parser into executing unintended commands or accessing data without proper authorization.
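
The SQL injection case described above, as an added example that is not part of the original post: a login check that splices user input into the query text next to the same check written with parameterized placeholders. It assumes a constructed in-memory SQLite table with a single user, and the probe string used at the bottom is likewise constructed for the demonstration.

```python
import sqlite3

# Constructed sample database: one user. The password is stored as plain
# text only to keep the example short; real systems store a password hash.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Untrusted input becomes part of the SQL text, so the parser treats a
    # quote character in the input as SQL syntax rather than as data.
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    # Placeholders fix the query structure up front; the driver passes the
    # values separately, so the input can never be interpreted as SQL.
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    # Constructed probe: closes the name literal and comments out the rest,
    # which removes the password condition from the vulnerable query.
    probe = "alice' --"
    print("vulnerable:    ", login_vulnerable(db, probe, "wrong"))      # True
    print("parameterized: ", login_parameterized(db, probe, "wrong"))   # False
    print("legitimate:    ", login_parameterized(db, "alice", "correct horse"))  # True
```

The same fix applies to any interpreter that accepts a separate parameter list; where none exists (for example a shell command), the defensive equivalent is to avoid building the command from untrusted text at all.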

2. Broken identity authentication

Application functions related to authentication and session management are often implemented incorrectly, allowing an attacker to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume another user's identity temporarily or permanently.

3. Sensitive information leakage

Many web applications and APIs do not properly protect sensitive data such as financial data, medical data, and personally identifiable information (PII). An attacker can carry out credit card fraud, identity theft, or other crimes by stealing or modifying unencrypted data. Unencrypted sensitive data is easily compromised, so sensitive data needs to be encrypted in transit, at rest, and when exchanged with the browser.

4. XML External Entity (XXE)

Many older or misconfigured XML processors evaluate external entity references inside XML documents. An attacker can use external entities to disclose internal and shared files via the file URI handler, scan internal ports, execute remote code, and carry out denial of service attacks.

5. Broken access control

Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can use these flaws to access unauthorized functionality or data, such as accessing other users' accounts, viewing sensitive files, modifying other users' data, changing access rights, and more.

6. Security misconfiguration

Security misconfiguration is the most common security issue. It usually results from insecure default configurations, incomplete or ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. All operating systems, frameworks, libraries, and applications therefore need not only to be configured securely but also to be patched and upgraded in a timely manner.

7. Cross-site scripting (XSS)

XSS flaws occur when an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows an attacker to execute scripts in the victim's browser, which can hijack user sessions, deface websites, or redirect users to malicious sites.

8. Insecure deserialization

Insecure deserialization can lead to remote code execution. Even when a deserialization flaw does not result in remote code execution, attackers can use it to perform other attacks, including replay attacks, injection attacks, and privilege escalation.

9. Using components with known vulnerabilities

Components (for example, libraries, frameworks, and other software modules) run with the same privileges as the application. If a component with a known vulnerability is exploited by an attacker, the result can be serious data loss or server takeover. Applications and APIs that use components with known vulnerabilities may undermine the application's defenses, enable a range of attacks, and have a serious impact.

10. Insufficient logging and monitoring

Insufficient logging and monitoring, combined with missing or ineffective integration with incident response, allow attackers to keep attacking the system, maintain persistence, pivot to more systems, and tamper with, extract, or destroy data. Most breach studies show that the time to detect a breach exceeds 200 days, and that breaches are typically detected by external parties rather than by internal processes or monitoring.
