Category: OWASP

2017 OWASP Top 10 for PHP Developers Part 4: XML External Entities (XXE)

Ever processed XML files in your web application? If you did, you probably parsed their contents. And if you parsed their contents, your web application might have been vulnerable to an attack known as XML External Entities (XXE). What is XXE? An XXE attack is a security vulnerability often found in XML parsers. An XML External Entities attack exploits the XML parsing functionality in a web application, making the parser process data of interest to an attacker. How does it…


2017 OWASP Top 10 for PHP Developers Part 3: Sensitive Data Exposure

There is a lot of exposed data floating around the web. People hear about such events all the time – it seems like data breaches are becoming more and more common. With data breaches being so prevalent, one would expect people to protect their data better. However, with many developers underestimating the importance of protecting private data, this isn’t always the case – when developers fail to adequately protect data, sensitive data exposure can occur. Sensitive data exposure is currently…


2017 OWASP Top 10 for PHP Developers Part 2: Broken Authentication and Session Management

While browsing the web, you click on a link. The link leads you to a page like this: Looks like a usual login page, right? Let’s try logging in. You go off to Discord and your friend asks for the URL of the login page, so you send him this: http://localhost/2017-owasp-top-10/2/member.php?sessionid=3g7qpol6t8an9f81rk9m8imrj2 Your friend clicks on the URL and... Wait – he’s logged in? He did not authenticate, so how is this possible? To understand why this happened, we need to jump…


SQL Injection – What it is, how it works & how it can be mitigated

SQL Injection. If you’re decently security-minded, you’ve probably heard of it. But what is it exactly? How does it work and, perhaps most importantly, what can we do to prevent it? What we do know is that injection is the #1 flaw targeting web applications according to the OWASP Top 10. But why exactly is it so prevalent? I’ll try to touch on that in this blog post. SQL Injection? Never heard of it... For those of you who haven’t heard of SQL Injection (SQLi)…
