OWASP Top 10 - 2017 Prevention¶
Version: 2.0
This section maps each OWASP Top 10 2017 category to the prevention techniques that WSO2 engineers should follow while engineering web applications and services. The OWASP Top 10 addresses web applications; mobile applications are covered by the separate OWASP Mobile Top 10.
A1 - 2017 - Injection¶
In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Injection type of vulnerabilities.
- SQL Injection: Please refer to General Recommendations for Secure Coding - SQL Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- LDAP Injection: Please refer to General Recommendations for Secure Coding - LDAP Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- HTTP Response Splitting (CRLF Injection): Please refer to General Recommendations for Secure Coding - HTTP Response Splitting (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- Log Injection/ Log Forging (CRLF Injection): Please refer to General Recommendations for Secure Coding - Log Injection/ Log Forging (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
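The three injection classes above share one root cause: untrusted input is mixed into a string that another component (SQL engine, LDAP server, log file) later parses. The following Java example is added here and is not WSO2 code; it assumes a JDBC `Connection` to a hypothetical `users(username, email)` table and shows, for each class, the vulnerable form beside the corrected one (parameter binding for SQL, RFC 4515 escaping for LDAP filter values, CR/LF neutralisation for log output).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class InjectionExamples {

    // Vulnerable: the caller's value is pasted into the query text, so the input
    // ' OR '1'='1  rewrites the WHERE clause instead of being compared as a string.
    static String findEmailUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = '" + username + "'";
        try (Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(sql)) {
            return rs.next() ? rs.getString("email") : null;
        }
    }

    // Fixed: the query text is constant and the value is bound as a parameter, so the
    // driver always treats it as data, whatever characters it contains.
    static String findEmailSafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    // LDAP injection: a value placed inside a search filter must have the RFC 4515
    // metacharacters escaped, otherwise input such as  *)(uid=*  rewrites the filter.
    static String escapeLdapFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Log forging: a CR or LF in user input terminates the genuine log line and lets the
    // attacker append a fabricated one. Replace line breaks before the value is logged.
    static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    public static void main(String[] args) {
        // Constructed hostile inputs, not real data.
        String filter = "(&(objectClass=person)(uid=" + escapeLdapFilterValue("*)(uid=*") + "))";
        System.out.println(filter);
        String forged = "alice\r\nINFO  Login succeeded for user admin";
        System.out.println("WARN  Login failed for user " + sanitizeForLog(forged));
    }
}
```

The SQL fix only works when the whole statement is a constant and every user-controlled value goes through `setXxx`; a `PreparedStatement` built from a concatenated string is still injectable. The same CR/LF neutralisation applies to any user value written into an HTTP header.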
A2 - 2017 - Broken Authentication¶
In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Broken Authentication type of vulnerabilities.
- Session Hijacking: Please refer to General Recommendations for Secure Coding - Session Hijacking section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- Session Fixation: Please refer to General Recommendations for Secure Coding - Session Fixation section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- Session Prediction: Please refer to General Recommendations for Secure Coding - Session Prediction section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
A3 - 2017 - Sensitive Data Exposure¶
In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Sensitive Data Exposure type of vulnerabilities.
- Heap Inspection Attacks: Please refer to General Recommendations for Secure Coding - Heap Inspection Attacks section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- Privacy Violation - Password AutoComplete: Please refer to General Recommendations for Secure Coding - Privacy Violation - Password AutoComplete section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
A4 - 2017 - XML External Entity (XXE)¶
Please refer to General Recommendations for Secure Coding - XML External Entity (XXE) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
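The following example is added here and is not WSO2 code. It shows, with a constructed payload pointing at a temporary file, that a `DocumentBuilder` with default settings expands an external entity and returns the file contents, and that the same document is rejected once the factory is hardened. It assumes the JDK's built-in Xerces parser, whose feature names are used below, and Java 11 or later.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class XxeExample {

    // Constructed payload: a DOCTYPE declaring an external entity that reads a local file,
    // referenced from the document body so its contents are returned to the caller.
    static String payloadFor(Path secretFile) {
        return "<?xml version=\"1.0\"?>\n"
             + "<!DOCTYPE data [<!ENTITY xxe SYSTEM \"" + secretFile.toUri() + "\">]>\n"
             + "<data>&xxe;</data>";
    }

    // Vulnerable: default factory settings process the DTD and resolve external entities.
    static DocumentBuilder unsafeBuilder() throws ParserConfigurationException {
        return DocumentBuilderFactory.newInstance().newDocumentBuilder();
    }

    // Hardened: refusing DOCTYPE outright defeats XXE, entity-expansion bombs and external
    // DTD fetches in one step. The remaining settings are defence in depth for parsers
    // that must accept a DOCTYPE.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder();
    }

    static String parseText(DocumentBuilder builder, String xml) throws SAXException, IOException {
        Document doc = builder.parse(new InputSource(new StringReader(xml)));
        return doc.getDocumentElement().getTextContent();
    }

    public static void main(String[] args) throws Exception {
        Path secret = Files.createTempFile("xxe-demo", ".txt");
        Files.writeString(secret, "db-password=hunter2");   // constructed secret
        String xml = payloadFor(secret);

        // Default parser: the entity is expanded and the file contents come back as text.
        System.out.println("default parser returned: " + parseText(unsafeBuilder(), xml));
        try {
            parseText(hardenedBuilder(), xml);
        } catch (SAXException e) {
            // Hardened parser: the document is rejected at the DOCTYPE declaration.
            System.out.println("hardened parser rejected it: " + e.getMessage());
        }
        Files.deleteIfExists(secret);
    }
}
```

Apply the same settings to every XML entry point (`SAXParserFactory`, `XMLInputFactory`, `TransformerFactory`, `SchemaFactory`), not only `DocumentBuilderFactory`; a single unhardened parser on a request path is enough.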
A5 - 2017 - Broken Access Control¶
In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Broken Access Control type of vulnerabilities.
- Insecure Direct Object References: Under this section, OWASP has discussed the Path Traversal vulnerability. Please refer to General Recommendations for Secure Coding - Path Traversal section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
- Missing Function Level Access Control: Please refer to General Recommendations for Secure Coding - Missing Function Level Access Control section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
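The following example is added here and is not WSO2 code; it illustrates the Path Traversal case named under Insecure Direct Object References. A hypothetical download handler joins a user-supplied file name onto a base directory; the vulnerable form walks out of that directory with `../` segments, while the corrected form normalises the path, resolves symbolic links and requires the result to remain under the real base directory. It assumes Java 11 or later.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class PathTraversalExample {

    // Vulnerable: the user-supplied name is joined straight onto the base directory, so
    // "../../../etc/passwd" resolves to a file outside it.
    static Path resolveUnsafe(Path baseDir, String userSupplied) {
        return baseDir.resolve(userSupplied);
    }

    // Fixed: normalise the candidate, check containment, then check again after following
    // symbolic links. Path.startsWith is segment-aware, so "/srv/uploads2" does not pass
    // as being under "/srv/uploads".
    static Path resolveSafe(Path baseDir, String userSupplied) throws IOException {
        Path realBase = baseDir.toRealPath();
        Path candidate = realBase.resolve(userSupplied).normalize();
        if (!candidate.startsWith(realBase)) {
            throw new SecurityException("path escapes base directory: " + userSupplied);
        }
        // toRealPath() requires the file to exist and follows links, so a symlink placed
        // inside the base directory that points outside it is caught here.
        Path real = candidate.toRealPath();
        if (!real.startsWith(realBase)) {
            throw new SecurityException("link escapes base directory: " + userSupplied);
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed base directory with one legitimate file.
        Path base = Files.createTempDirectory("uploads");
        Files.writeString(base.resolve("report.txt"), "ok");

        System.out.println("unsafe: " + resolveUnsafe(base, "../../../etc/passwd"));
        System.out.println("safe:   " + resolveSafe(base, "report.txt"));
        try {
            resolveSafe(base, "../../../etc/passwd");
        } catch (SecurityException e) {
            System.out.println("safe:   rejected (" + e.getMessage() + ")");
        }
    }
}
```

Where the set of files is known, the stronger fix is to key them by an opaque identifier looked up server-side and never accept a path from the client at all.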
A6 - 2017 - Security Misconfiguration¶
Please refer to General Recommendations for Secure Coding - Security Misconfiguration section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
A7 - 2017 - Cross-Site Scripting (XSS)¶
Please refer to General Recommendations for Secure Coding - Cross-Site Scripting (XSS) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
A8 - 2017 - Insecure Deserialization¶
Please refer to General Recommendations for Secure Coding - Insecure Deserialization section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
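The following example is added here and is not WSO2 code. It shows why plain `ObjectInputStream.readObject()` is unsafe (the stream, not the caller, chooses which class is instantiated) and the corrected form using an allowlist `ObjectInputFilter` (JEP 290, Java 9 or later) that rejects every class other than the one expected. `Greeting` and `Unexpected` are hypothetical classes constructed for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class DeserializationExample {

    // The only type this endpoint is meant to accept.
    static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Greeting(String text) { this.text = text; }
    }

    // Stand-in for any other serializable class an attacker names in the stream. In a real
    // attack this is a gadget class already present on the classpath, not attacker code.
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Vulnerable: whatever class the stream names is resolved and instantiated, and its
    // readObject/readResolve logic runs, before the caller's cast is ever checked.
    static Object readUnsafe(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    // Hardened: the filter is consulted before each class is resolved. Anything other than
    // Greeting (and the String it contains) is rejected, as are deeply nested graphs.
    static Greeting readSafe(byte[] data) throws IOException, ClassNotFoundException {
        ObjectInputFilter allowlist = info -> {
            if (info.depth() > 4) {
                return ObjectInputFilter.Status.REJECTED;
            }
            Class<?> clazz = info.serialClass();
            if (clazz == null) {
                // Invoked for size and reference limits with no class; leave those to defaults.
                return ObjectInputFilter.Status.UNDECIDED;
            }
            return (clazz == Greeting.class || clazz == String.class)
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            in.setObjectInputFilter(allowlist);
            return (Greeting) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed streams: one legitimate, one naming a class the endpoint never expects.
        byte[] expected = serialize(new Greeting("hello"));
        byte[] hostile = serialize(new Unexpected());

        System.out.println("unsafe accepts expected: " + (readUnsafe(expected) instanceof Greeting));
        System.out.println("unsafe accepts hostile:  " + (readUnsafe(hostile) instanceof Unexpected));
        System.out.println("safe accepts expected:   " + readSafe(expected).text);
        try {
            readSafe(hostile);
        } catch (InvalidClassException e) {
            System.out.println("safe rejected hostile:   " + e.getMessage());
        }
    }
}
```

A process-wide default can be set with the `jdk.serialFilter` system property, but a per-stream allowlist as above is the more reliable control because it cannot be forgotten on one endpoint. Where the wire format is under your control, prefer a data-only format such as JSON to Java serialization altogether.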
A9 - 2017 - Using Known Vulnerable Components¶
Please refer to General Recommendations for Secure Coding - Using Known Vulnerable Components section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
A10 - 2017 - Insufficient Logging and Monitoring¶
Please refer to General Recommendations for Secure Coding - Insufficient Logging and Monitoring section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.