
Security misconfiguration covers any security issue that is not the consequence of a programming error but the result of a configuration error. Security misconfigurations are listed as a separate category in the OWASP Top Ten. As the definition states, this flaw can occur at any level of the application stack, including network services, the web server, the platform, the application server, frameworks, the database, custom code, containers, and pre-installed virtual machines or storage.

Real-World Consequences of Security Misconfiguration

  • MongoDB Databases: Earlier in 2020, a hacker targeted nearly 47% of all MongoDB databases on the internet because they had been set up without a password…


A Sensitive Data Exposure vulnerability exists in a web application when it is poorly designed and does not adequately protect critical information. Examples include data that someone mistakenly uploaded to a public location, weak cryptography that an attacker could break after compromising the target, and missing HTTP headers that would prevent the browser from caching sensitive responses. As a result, attackers can apply various techniques to locate sensitive data belonging to a particular web application or organization. Through a Sensitive Data Exposure flaw, attackers can find sensitive…



Types of XSS attacks

Cross-Site Scripting attacks are a type of injection in which malicious scripts are injected into a trusted web application. An XSS attack occurs when an attacker uses a web application to deliver a malicious browser-side script to an end user. These attacks are very common, and they allow an attacker to exploit a web application that includes user-supplied input in the output it generates without validating or encoding it. …



Authentication is the process of confirming the identity of a user by ensuring that they truly are who they claim to be. By design, web applications are generally exposed to anyone connected to the internet. Strong authentication mechanisms are therefore an indispensable part of effective web application security.

Any security flaw produced as a consequence of an error in the implementation of the authentication mechanism or session management falls under broken authentication. …



Injection flaws are a widespread class of security weakness that allows a client to break a web application's logic and context. If your web application takes input from the user and inserts that input into a back-end database query, operating system call or shell command, the application may be vulnerable to an injection flaw. The issue is that an attacker can inject commands into these elements, resulting in loss of data or hijacking of clients' browsers.

An attacker could exploit this by breaking out of the intended context and attaching extra, often unintended, functionality. By permitting…

Pranieth Chandrasekara

Application Security Engineer at 99x | OWASP Community Volunteer | Interested in Challenges which pushes to think outside the box.
