Introduction to: Bringing Security Risks Awareness to Developers

This article explains what the OWASP Top 10 is, to bring awareness to developers so that web applications can become more secure over time.

Hey y'all. This is my first blog so I'd appreciate any feedback. Enjoy :)

Security Risks

We all know that the internet is not a safe place. Every year, more and more black hat (the bad) hackers emerge and try to mess with anyone they can, either to steal information they are interested in or just to practice their skills so they can go for bigger prizes, such as hacking bank accounts and things like that.

This can be annoying and it can bring difficult problems like the following:

  • What you once had as private data is now floating around online
  • Servers are getting corrupted data and thus are getting damaged
  • Companies have to fix code (which is expensive)

and many others...

What can we do about it?

Most of these problems can be avoided by bringing security risk awareness to programmers. If we are all aware of how black hat hackers attack us, then we can be better prepared and perhaps stop them before they can do anything to us or our apps. Doing that will also make us better programmers, and we all want to be better programmers, right? 😊

Open Web Application Security Project (OWASP)

OWASP is an online community that creates articles, methodologies and tools in the field of web application security. They are sort of like a protection team that we as developers can, in a way, rely on. By reading their articles and using their methodologies, we can be prepared against certain attacks.

Today I will be talking about the OWASP Top 10 Security Risks & Vulnerabilities.

This is a list that OWASP creates every 4-5 years. It covers the forms of attack that black hat hackers use most and the vulnerabilities that we need to be aware of. This list was created in 2017, and we should expect a new one to come out pretty soon.

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

Knowing this, we can then dive deep into each one and learn how they work, so that we can code our apps in a way that makes it very hard for black hat hackers to do something to them. Of course, someone really good would still find a way, since they can even hack governments, but at least the majority of black hat hackers won't be able to.

*This was an overview of what OWASP is and a bit of content on security. In the next few weeks I will be creating an article explaining each and every one of the 10 most used forms of attacks and vulnerabilities in depth. Follow me if you're interested in that :)*

*However, this is a good entry point for anyone who wants to get familiar with security risks in web development. All you have to do from here is look up any of the 10 most used forms of attacks and you'll learn about them.*

Did you find this article valuable?

Support Noel Covarrubias by becoming a sponsor. Any amount is appreciated!
