Ever wished there was an easy way to see if your site is vulnerable to any of the vulnerability categories on the OWASP Top 10 list? The latest addition to the Detectify tool allows you to do just that! Our new OWASP view provides a quick and easy way to check whether your site passes or fails OWASP Top 10 tests.
The eighth vulnerability on the list is Cross-site Request Forgery (CSRF), a vulnerability that allows an attacker to make requests on behalf of a user. CSRF can cause a wide range of state-changing requests, such as changing credentials, transferring funds, and modifying settings, to be executed on the user’s behalf without their knowledge.
The fifth vulnerability category on the list is called Security Misconfiguration. If a component is susceptible to attack because of an insecure configuration, it is classified as a security misconfiguration. It is considered the same category of vulnerability regardless of whether the misconfiguration is in the web server, the database or, for that matter, custom code.
The fourth one on the list is Insecure Direct Object Reference, also called IDOR. It refers to a reference to an internal implementation object, such as a file or database key, being exposed to users without any further access control. In such cases, an attacker can manipulate those references to gain access to unauthorized data.
Are you running WordPress 4.2.0 to 4.5.1? Time to upgrade to 4.5.2!
It was recently discovered that WordPress versions 4.2.0 to 4.5.1 are affected by a reflected XSS vulnerability in a specific WordPress SWF file: flashmediaelement.swf. The vulnerability could lead to leaked WordPress credentials, or be used as a stepping stone to more severe attacks.