Known vulnerabilities are vulnerabilities that were discovered in open source components and published in the NVD, security advisories or issue trackers. From the moment of publication, a vulnerability can be exploited by any attacker who reads the advisory, so the window between disclosure and patching is the risk to manage.
Broken access control vulnerabilities exist when a user can access a resource or perform an action that the application's policy says they should not be able to, for example by changing an object identifier in a request or by calling a function whose permission check exists only on the client side.
Insecure deserialization is when user-controllable data is deserialized by a website. This potentially enables an attacker to manipulate serialized objects in order to pass harmful data into the application code. It is even possible to replace a serialized object with an object of an entirely different class.
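The class-substitution attack described above, as an added example that is not code from the original page: a hypothetical application expects a serialized `UserPrefs` object, but Python's `pickle` honours whatever `__reduce__` the attacker's class declares, so loading the blob runs attacker-chosen code and returns an object of a different type. The names (`UserPrefs`, `Payload`, `_sink`) are assumptions for the demo; the harmless `_sink` stands in for the `os.system` call a real payload would use. The hardened loader beside it accepts a data-only format with an allow-listed schema, so the client never decides which class gets instantiated.

```python
import json
import pickle


class UserPrefs:
    """The object type the application expects to receive from the client."""

    def __init__(self, theme: str = "light") -> None:
        self.theme = theme


# Records whether attacker-chosen code ran during deserialization. A real payload
# would call something like os.system; a harmless sink keeps the demo safe.
EXECUTED: list[str] = []


def _sink(marker: str) -> str:
    EXECUTED.append(marker)
    return marker


class Payload:
    """Attacker-chosen class (hypothetical). pickle honours __reduce__, so loading
    this object calls _sink(...) and the result replaces the object the app expected."""

    def __reduce__(self):
        return (_sink, ("attacker code ran",))


def attacker_blob() -> bytes:
    # Constructed malicious serialized data, as an attacker would submit it.
    return pickle.dumps(Payload())


def legit_blob() -> bytes:
    # Constructed benign input: what the application was designed to receive.
    return pickle.dumps(UserPrefs("dark"))


def load_prefs_vulnerable(blob: bytes):
    # Vulnerable: pickle.loads executes whatever the serialized stream tells it to.
    return pickle.loads(blob)


ALLOWED_THEMES = {"light", "dark"}


def load_prefs_safe(blob: bytes) -> UserPrefs:
    # Hardened: a data-only format, a strict schema, allow-listed values, and the
    # application (not the client) decides which class gets instantiated.
    data = json.loads(blob.decode("utf-8"))
    if not isinstance(data, dict) or set(data) - {"theme"}:
        raise ValueError("unexpected structure or fields")
    theme = data.get("theme", "light")
    if theme not in ALLOWED_THEMES:
        raise ValueError("theme not allowed")
    return UserPrefs(theme)


def safe_rejects(blob: bytes) -> bool:
    """True if the hardened loader refuses the blob (including the pickle payload)."""
    try:
        load_prefs_safe(blob)
    except (ValueError, UnicodeDecodeError):
        return True
    return False
```

Note that the vulnerable loader does not even get a `UserPrefs` back from the malicious blob: the return value is whatever the attacker's callable returned, which is why "validate after deserializing" cannot fix this class of bug.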
Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data. Sensitive data exposure differs from a data breach, in which an attacker accesses and steals information.
Security misconfiguration is failing to implement the security controls a server or web application needs, or implementing them incorrectly: default credentials left in place, debug mode or directory listing enabled in production, overly permissive settings, missing security headers. In the 2017 OWASP Top 10 it is ranked A6 among the critical web application security risks.
Access control is only effective if enforced in trusted server-side code or a serverless API, where the attacker cannot modify the access control check or its metadata. Deny access to functionality by default, and implement authorization once through access control lists or role-based access control rather than trusting anything the client sends about its own role.
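The two broken-access-control paragraphs above, as an added example that is not code from the original page: a hypothetical invoice API with a request handler that trusts a client-supplied `role` field and performs no ownership check, beside one that resolves the user from the server-side session and routes every decision through a single deny-by-default `is_authorized()` combining role permissions with an object-level ownership rule. The role model, users and invoices are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: str
    roles: frozenset


@dataclass(frozen=True)
class Invoice:
    id: str
    owner_id: str


# Hypothetical role model for the example. Anything not listed here is denied.
ROLE_PERMISSIONS = {
    "viewer": {("read", "invoice")},
    "accountant": {("read", "invoice"), ("update", "invoice")},
    "admin": {("read", "invoice"), ("update", "invoice"), ("delete", "invoice")},
}

# Constructed data stores: the server's own view of who is who and who owns what.
USERS = {
    "alice": User("alice", frozenset({"viewer"})),
    "bob": User("bob", frozenset({"viewer"})),
    "root": User("root", frozenset({"admin"})),
}
INVOICES = {
    "inv-1": Invoice("inv-1", owner_id="alice"),
    "inv-2": Invoice("inv-2", owner_id="bob"),
}


def is_authorized(user: User, action: str, resource: Invoice) -> bool:
    """Deny by default: some role must grant the (action, resource type) pair, and
    non-admins must also own the object (the object-level check that stops IDOR)."""
    granted = any(
        (action, "invoice") in ROLE_PERMISSIONS.get(role, set()) for role in user.roles
    )
    if not granted:
        return False
    if "admin" in user.roles:
        return True
    return resource.owner_id == user.id


def handle_broken(request: dict):
    """Broken: trusts the role the client put in the request, and never asks who
    the caller is before returning the object named by a client-chosen id."""
    invoice = INVOICES.get(request["invoice_id"])
    if invoice is None:
        return 404, None
    if request["action"] == "delete" and request.get("role") != "admin":
        return 403, None
    return 200, invoice


def handle_secure(session_user_id: str, request: dict):
    """Secure: identity and roles come from the server-side session, the policy is
    checked once in is_authorized(), and any client-supplied role is ignored."""
    user = USERS.get(session_user_id)
    invoice = INVOICES.get(request["invoice_id"])
    if user is None or invoice is None or not is_authorized(user, request["action"], invoice):
        return 404, None
    return 200, invoice
```

Returning 404 rather than 403 on a denied request is a design choice: it keeps an attacker from enumerating which identifiers exist. Either way the decision must be made on the server from data the client cannot edit.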
Insufficient logging and monitoring occurs when security-critical events (logins, failed logins, access control failures, input validation failures) are not logged properly and the system is not monitored. Without them, malicious activity is harder to detect, and the missing audit trail hampers incident handling afterwards.
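The logging and monitoring half of that paragraph, as an added example that is not code from the original page: a helper that writes structured, secret-free security events, a constructed sample log (not from any real system) and a sliding-window detector that flags a source tripping five login failures inside sixty seconds, then lists successful logins from that source after the alert. Event names, field names and thresholds are assumptions for the demo.

```python
import json
from collections import defaultdict, deque

SECRET_FIELDS = {"password", "token", "secret"}


def security_event(event: str, **fields) -> str:
    """Emit one structured log line. Secrets are never written, even by accident."""
    leaked = SECRET_FIELDS & set(fields)
    if leaked:
        raise ValueError(f"refusing to log secret fields: {sorted(leaked)}")
    return json.dumps({"event": event, **fields}, sort_keys=True)


def refuses_to_log(**fields) -> bool:
    """True if security_event() rejects these fields."""
    try:
        security_event("probe", **fields)
    except ValueError:
        return True
    return False


# Constructed sample log: six failures from one source within 40 seconds, two
# scattered failures from another, and one success from the first source.
SAMPLE_LOG = [
    security_event("login_failed", ts=1000, src="203.0.113.7", user="alice"),
    security_event("login_failed", ts=1008, src="203.0.113.7", user="bob"),
    security_event("login_failed", ts=1015, src="198.51.100.2", user="carol"),
    security_event("login_failed", ts=1016, src="203.0.113.7", user="carol"),
    security_event("login_failed", ts=1024, src="203.0.113.7", user="dave"),
    security_event("login_failed", ts=1031, src="203.0.113.7", user="erin"),
    security_event("login_failed", ts=1040, src="203.0.113.7", user="admin"),
    security_event("login_failed", ts=1300, src="198.51.100.2", user="carol"),
    security_event("login_ok", ts=1045, src="203.0.113.7", user="admin"),
]


def detect_bruteforce(lines, threshold: int = 5, window: int = 60) -> dict:
    """Sliding-window count of login failures per source address.
    Returns {src: ts_of_first_alert} for every source that hit the threshold."""
    recent = defaultdict(deque)
    alerts = {}
    records = sorted((json.loads(line) for line in lines), key=lambda r: r["ts"])
    for rec in records:
        if rec["event"] != "login_failed":
            continue
        q = recent[rec["src"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        if len(q) >= threshold and rec["src"] not in alerts:
            alerts[rec["src"]] = rec["ts"]
    return alerts


def logins_after_alert(lines, alerts: dict) -> list:
    """Users who logged in successfully from an alerted source after its alert:
    the accounts to treat as possibly compromised during incident handling."""
    hits = []
    for rec in (json.loads(line) for line in lines):
        if rec["event"] != "login_ok":
            continue
        src = rec["src"]
        if src in alerts and rec["ts"] >= alerts[src]:
            hits.append(rec["user"])
    return hits
```

Logging the username and source address is what makes the second function possible; logging the attempted password would turn the log itself into a sensitive data exposure, which is why the emitter refuses it.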
Broken authentication is A2 on the 2017 OWASP Top 10 list. It is typically caused by poorly implemented authentication and session management functions: weak or guessable credentials, passwords stored in plaintext or with fast unsalted hashes, and session identifiers that are predictable, exposed in URLs, or never rotated or expired. Broken authentication attacks aim to take over one or more accounts, giving the attacker the same privileges as the attacked user.
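The session management side of that paragraph, as an added example that is not code from the original page: salted PBKDF2 password storage with a constant-time compare, server-side sessions keyed by a hash of an unguessable token, an idle timeout, and a login routine that discards the pre-login session identifier so a planted (fixated) one gains the attacker nothing. The timeout, iteration count and the constructed credential store are assumptions for the demo, and `now` is passed in explicitly so the expiry logic can be exercised deterministically.

```python
import hashlib
import hmac
import secrets
from typing import Optional

IDLE_TIMEOUT = 15 * 60  # seconds; hypothetical policy for the example
PBKDF2_ITERATIONS = 100_000  # tune upward for production hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """PBKDF2-HMAC-SHA256 with a random per-user salt. Plaintext or unsalted fast
    hashes are the storage-side half of broken authentication."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(stored: tuple, candidate: str) -> bool:
    salt, digest = stored
    # compare_digest avoids leaking how many bytes matched through timing.
    return hmac.compare_digest(digest, hash_password(candidate, salt)[1])


class SessionStore:
    """Server-side sessions keyed by a hash of an unguessable token."""

    def __init__(self) -> None:
        self._sessions = {}

    @staticmethod
    def _key(token: str) -> str:
        # Store a hash so a leaked session table cannot be replayed directly.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user_id: str, now: int) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not a counter
        self._sessions[self._key(token)] = {"user_id": user_id, "last_seen": now}
        return token

    def resolve(self, token: str, now: int) -> Optional[str]:
        rec = self._sessions.get(self._key(token))
        if rec is None:
            return None
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            self.revoke(token)  # idle sessions die instead of living forever
            return None
        rec["last_seen"] = now
        return rec["user_id"]

    def revoke(self, token: str) -> None:
        self._sessions.pop(self._key(token), None)


# Constructed credential store for the example.
CREDENTIALS = {"alice": hash_password("correct horse battery staple")}


def login(store: SessionStore, pre_auth_token: Optional[str], user: str, password: str, now: int):
    """Return a fresh session token on success, None otherwise. The pre-login
    session id is revoked so an attacker who planted it (fixation) gains nothing."""
    stored = CREDENTIALS.get(user)
    if stored is None or not verify_password(stored, password):
        return None  # same answer for unknown user and wrong password
    if pre_auth_token is not None:
        store.revoke(pre_auth_token)
    return store.create(user, now)
```

Rotating the identifier at login and expiring idle sessions are the two controls most often missing from hand-rolled session code; the identifier should additionally travel only in a cookie with the Secure and HttpOnly flags, never in a URL.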
The catalog's main purpose is to standardize the way each known vulnerability or exposure is identified. This is important because standard IDs allow security administrators to quickly access technical information about a specific threat across multiple CVE-compatible information sources.
The CVE List was launched by MITRE as a community effort in 1999, and the U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. CVE Records are used in numerous cybersecurity products and services from around the world, including NVD.
The National Vulnerability Database (NVD) is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
CVE was launched in 1999 by the MITRE corporation to identify and categorize vulnerabilities in software and firmware. CVE provides a free dictionary for organizations to improve their cyber security. MITRE is a nonprofit that operates federally funded research and development centers in the United States.
CVE stands for Common Vulnerabilities and Exposures.
The different types of vulnerability: in the table below, four different types of vulnerability have been identified (human-social, physical, economic and environmental) together with their associated direct and indirect losses.
The OWASP Top 10 in force in 2020 (the 2017 edition) is:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring
Threats can be classified into four different categories: direct, indirect, veiled and conditional.
A vulnerability is a weakness in system security procedures, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.
A threat is what an organization is defending itself against, e.g. a DoS attack. Vulnerabilities are the gaps or weaknesses that undermine an organization's IT security efforts, e.g. a firewall flaw that lets attackers into a network.
Here are the top five classes of OS-based vulnerability that can lead to a cyberattack:
- Remote code execution: execute or modify command code remotely.
- Denial-of-service: deny or degrade service to users.
- Elevation of privilege: gain capabilities without proper authorization.
- Information disclosure: read data the caller is not authorized to see.
- Spoofing: impersonate another user, process or system.
What are the most common security threats? The top 10 web application security risks in the 2013 OWASP list are injection, broken authentication and session management, XSS, insecure direct object references, security misconfiguration, sensitive data exposure, missing function-level access control, CSRF, using components with known vulnerabilities, and unvalidated redirects and forwards.
In disaster-risk terms, vulnerability is the set of characteristics, determined by physical, social, economic and environmental factors or processes, which increase the susceptibility of an individual, a community, assets or systems to the impacts of hazards. Vulnerability is one of the defining components of disaster risk.
There are two basic types of exploits that can be identified: known and unknown (a.k.a. 0-day). Known exploits are exploits we have a record of and which we can take measures against.
"SQL injection is still out there for one simple reason: It works!" says Tim Erlin, director of IT security and risk strategy for Tripwire. "As long as there are so many vulnerable Web applications with databases full of monetizable information behind them, SQL injection attacks will continue."
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications, and it is globally recognized by developers as the first step towards more secure coding.
OWASP Risk Assessment Framework can be integrated in the DevSecOps toolchain to help developers to write and produce secure code.
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. This standard can be used to establish a level of confidence in the security of Web applications.
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in an application or a system to cause unintended or unanticipated behavior to occur. The name comes from the English verb to exploit, meaning “to use something to one's own advantage”.
OWASP ZAP. The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who are new to penetration testing.