The eighth vulnerability on the list is Cross-site Request Forgery (CSRF), a vulnerability that allows an attacker to make requests on behalf of a user. Because the victim's browser attaches the session cookie automatically, CSRF can cause a wide range of state-changing requests, such as changing credentials, transferring funds, and modifying settings, to be executed on the user's behalf.
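The usual defence is a per-session anti-CSRF token that a cross-site form cannot know, backed by an Origin/Referer check. The following is an added example written for this post, not code from the original article or from OWASP; the endpoint, header names, and the `SERVER_SECRET` value are constructed assumptions, and the "request" is a plain dictionary standing in for a real HTTP request.

```python
import hmac
import hashlib
import secrets

# Constructed server-side secret for this example; a real deployment loads it
# from configuration and never hard-codes it.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"

def issue_csrf_token(session_id):
    """Derive a per-session CSRF token as an HMAC over the session id.

    Binding the token to the session means a token that leaks from one
    session cannot be used to forge requests in another.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_valid(session_id, submitted_token):
    """Compare the submitted token against the expected one in constant time."""
    if not submitted_token:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected, submitted_token)

def origin_allowed(headers, allowed_origin):
    """Secondary check: the Origin header (or, failing that, the Referer's
    scheme+host) must match our own site. Absence of both is treated as a fail."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        # "https://host/path" -> "https://host"
        origin = "/".join(referer.split("/", 3)[:3])
    return origin == allowed_origin

def handle_transfer(request, allowed_origin="https://bank.example"):
    """Simulated state-changing endpoint. Returns 'ok' or a rejection reason."""
    if request["method"] != "POST":
        return "rejected: state change must use POST"
    session_id = request["cookies"].get("session")
    if session_id is None:
        return "rejected: not authenticated"
    if not origin_allowed(request["headers"], allowed_origin):
        return "rejected: bad origin"
    if not csrf_token_valid(session_id, request["form"].get("csrf_token")):
        return "rejected: missing or invalid CSRF token"
    return "ok"

def build_legit_request(session_id="sess-123"):
    """Constructed request from our own page: cookie, matching Origin, valid token."""
    return {
        "method": "POST",
        "cookies": {"session": session_id},
        "headers": {"Origin": "https://bank.example"},
        "form": {"csrf_token": issue_csrf_token(session_id), "amount": "100"},
    }

def build_forged_request(session_id="sess-123"):
    """Constructed cross-site request: the browser still sends the victim's
    cookie, but the foreign page cannot supply the session-bound token and
    the browser reports its real Origin."""
    return {
        "method": "POST",
        "cookies": {"session": session_id},
        "headers": {"Origin": "https://attacker-site.example"},
        "form": {"amount": "100"},
    }

if __name__ == "__main__":
    print(handle_transfer(build_legit_request()))   # ok
    print(handle_transfer(build_forged_request()))  # rejected: bad origin
```

Both checks are deliberately independent: if a proxy strips Origin/Referer the token still protects the endpoint, and if a token is accidentally exposed the origin check still blocks a foreign page. The `__main__` block is only a convenience for running the file directly.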
The fifth vulnerability category on the list is called Security Misconfiguration. If a component is susceptible to attack because of an insecure configuration, it is classified as a security misconfiguration. It counts as the same category regardless of whether the misconfiguration is in the web server, the database or, for that matter, custom code.
The fourth one on the list is Insecure Direct Object Reference, also called IDOR. It refers to a reference to an internal implementation object, such as a file or a database key, being exposed to users without any further access control check. In such cases, an attacker can manipulate those references to gain access to unauthorized data.
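The fix for IDOR is to make authorization part of the lookup itself, so a client-supplied key is never resolved without checking that the requester owns the object. The following is an added example written for this post, not code from the original article or from OWASP; the `Invoice` records, user ids and handler are constructed sample data, and the vulnerable function is shown only to contrast it with the checked one.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: int

# Constructed sample data standing in for a database table.
INVOICES = {
    1001: Invoice(1001, owner_id=7, amount=120),
    1002: Invoice(1002, owner_id=8, amount=990),
}

class NotFound(Exception):
    pass

def get_invoice_vulnerable(invoice_id):
    """IDOR pattern: the client-supplied key is looked up directly, with no
    check that the requester is allowed to see that row."""
    return INVOICES.get(invoice_id)

def get_invoice(requester_id, invoice_id):
    """Hardened lookup: ownership is checked in the same step as the fetch.
    Missing and foreign rows produce the same error, so the response does not
    confirm which ids exist."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != requester_id:
        raise NotFound(f"invoice {invoice_id} not found")
    return invoice

def handle_get_invoice(requester_id, raw_id):
    """Simulated request handler: returns (status, body). `requester_id` comes
    from the authenticated session, never from the request parameters."""
    try:
        invoice_id = int(raw_id)
    except (TypeError, ValueError):
        return 400, "invalid id"
    try:
        inv = get_invoice(requester_id, invoice_id)
    except NotFound:
        return 404, "not found"
    return 200, {"invoice_id": inv.invoice_id, "amount": inv.amount}

def build_reference_map(requester_id):
    """Alternative mitigation: hand the client opaque per-user handles instead
    of raw database keys and resolve them server-side. A handle from one user's
    map does not exist in another user's map, so it cannot be reused."""
    return {
        secrets.token_urlsafe(8): inv.invoice_id
        for inv in INVOICES.values()
        if inv.owner_id == requester_id
    }

if __name__ == "__main__":
    # User 7 asking for user 8's invoice: the unchecked path returns it,
    # the checked path does not.
    print(get_invoice_vulnerable(1002))
    print(handle_get_invoice(7, "1002"))
    print(handle_get_invoice(7, "1001"))
```

Whether you keep direct keys with an ownership check or switch to indirect references, the requester identity must come from the server-side session; taking a `user_id` parameter from the request would reintroduce the same problem one layer up.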
OWASP is a non-profit organization with the goal of improving the security of software and the internet. They have put together a list of the ten most common vulnerabilities to spread awareness about web security. In this post, we have gathered all our articles related to OWASP and their Top 10 list. If you'd like to learn more about web security, this is a great place to start!