The Consequences Identification and Authentication Failures

Introduction: Vulnerabilities due to identification and authentication failures are determined by the flaws in applications’ authentication mechanisms, regardless of how robust or well-implemented they are. Prior to 2021, it was referred to in the OWASP Top Ten as “Broken Authentication,” but it now goes by its new moniker. Instead of only affecting authentication in the...

Risks arising from vulnerable and outdated components

Vulnerable and Outdated components: Introduction   Woahhh!! Is your office still running Windows 2000? Umm…Yes! Why does it surprise you? I am thrilled by this fact because you still aren’t targeted by any hacker. An intruder can easily gain access to these systems due to them being considered obsolete and in no support zone by...

Security misconfiguration vulnerability

The rise of this vulnerability from sixth to fifth place in the OWASP top 10 lists is not surprising. When Avinash Jain discovered a security misconfiguration problem in Atlassian Jira, a major project management tool, this vulnerability gained additional notoriety in the Jira breach. He had access to a tonne of sensitive data at these...

Insecure Designs vulnerability

We @ ASPIA frequently check all the input fields, injection, XSS, and other areas for large and visible problems while assessing the security risks and vulnerabilities of your applications. But take note! You still need to review your application’s design. These flaws are present in your application but frequently go unnoticed because they operate in...

Introduction to Injection

What is it? Injection!! That too in security!! How? Well, to most of us reading this article “injection” might sound something like a term from a medical background. If you are thinking of that “injections” then, you are thinking correctly to some extent because the use of injection is to inject medicine into the human...

Cryptographic failures in Applications

Cryptographic failures Introduction   Why did everyone start switching to Signal and Telegram as soon as it was discovered that WhatsApp was leaking users’ information? Why then did Whatsapp feel the need to add “end-to-end encryption” to its software? Why has everyone started becoming cashless and using their credit or debit cards to do transactions...

Broken Access Control : A comprehensive Introduction

What is it? Ever thought of doing a banking transaction from another person’s account or booking all the tickets to a movie theatre, all without even being logged in or without having proper credentials for the account? That’s what we call Broken Access Control which basically means that the policies which are kept in the...

OWASP top 10 : 2021: An Introduction

The advent of technology has brought about new ways for cybercriminals to exploit the vulnerabilities that exist in our networks and systems. That is why, according to OWASP, “the world needs a robust set of guidelines to help organizations mitigate these risks.” Introduction The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization...