The top ten exploits are:
- Cross-site Scripting (XSS)
- Broken Authentication and Session Management:
- Insecure Direct Object References:
- Cross-Site Request Forgery
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
OWASP hasn't just identified the key exploits – the OWASP organization has invested hundreds of unpaid hours to document each of the top ten exploits, in the form of the OWASP Top 10 guide. This 22-page PDF document outlines each exploit, providing detailed information on how to test for each exploit. While it isn't a long document, this free PDF should become your handbook for security-related testing activities.
The second OWASP document every tester should print and retain is the OWASP Testing Guide. As the OWASP site describes, "this project's goal is to create a "best practices" web application penetration testing framework which users can implement in their own organizations and a "low level" web application penetration testing guide that describes how to find certain issues." The testing guide is 350 pages long and includes detailed analysis and step-by-step instructions for testing for various security-related vulnerabilities. This document is used by many educational institutions as a textbook for security testing.
Dig Deeper on Software Security Test Best Practices
Related Q&A from John Overbaugh
Learn what's behind AWS outages and how to fix failures before they happen. Continue Reading
Learn strategies for best security test strategies for SaaS cloud. Continue Reading
Expert John Overbaugh identifies the three top concerns of the test manager and offers advice on how to stay ahead of the curve when it comes to ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.