Introduction Software and data integrity failures refer to the state of corruption or integrity violation of data or software for which no proper checks are in place in the present infrastructure of the organization. Integrity violation of data and the software includes scenarios where any unauthorized entity modifies the data crucial to an organization’s working...
Introduction: Vulnerabilities due to identification and authentication failures are determined by the flaws in applications’ authentication mechanisms, regardless of how robust or well-implemented they are. Prior to 2021, it was referred to in the OWASP Top Ten as “Broken Authentication,” but it now goes by its new moniker. Instead of only affecting authentication in the...
Vulnerable and Outdated components: Introduction Woahhh!! Is your office still running Windows 2000? Umm…Yes! Why does it surprise you? I am thrilled by this fact because you still aren’t targeted by any hacker. An intruder can easily gain access to these systems due to them being considered obsolete and in no support zone by...
The rise of this vulnerability from sixth to fifth place in the OWASP top 10 lists is not surprising. When Avinash Jain discovered a security misconfiguration problem in Atlassian Jira, a major project management tool, this vulnerability gained additional notoriety in the Jira breach. He had access to a tonne of sensitive data at these...
We @ ASPIA frequently check all the input fields, injection, XSS, and other areas for large and visible problems while assessing the security risks and vulnerabilities of your applications. But take note! You still need to review your application’s design. These flaws are present in your application but frequently go unnoticed because they operate in...
What is it? Injection!! That too in security!! How? Well, to most of us reading this article “injection” might sound something like a term from a medical background. If you are thinking of that “injections” then, you are thinking correctly to some extent because the use of injection is to inject medicine into the human...
Cryptographic failures Introduction Why did everyone start switching to Signal and Telegram as soon as it was discovered that WhatsApp was leaking users’ information? Why then did Whatsapp feel the need to add “end-to-end encryption” to its software? Why has everyone started becoming cashless and using their credit or debit cards to do transactions...
What is it? Ever thought of doing a banking transaction from another person’s account or booking all the tickets to a movie theatre, all without even being logged in or without having proper credentials for the account? That’s what we call Broken Access Control which basically means that the policies which are kept in the...
The advent of technology has brought about new ways for cybercriminals to exploit the vulnerabilities that exist in our networks and systems. That is why, according to OWASP, “the world needs a robust set of guidelines to help organizations mitigate these risks.” Introduction The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization...