

OWASP Top 10 - 2017 Prevention¶

Version: 2.0

This section categorizes OWASP Top 10 2017 prevention techniques that should be followed by WSO2 engineers while engineering mobile applications.

A1 - 2017 - Injection¶

In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Injection type of vulnerabilities.

SQL Injection: Please refer to General Recommendations for Secure Coding - SQL Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
LDAP Injection: Please refer to General Recommendations for Secure Coding - LDAP Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
HTTP Response Splitting (CRLF Injection): Please refer to General Recommendations for Secure Coding - HTTP Response Splitting (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
Log Injection/ Log Forging (CRLF Injection): Please refer to General Recommendations for Secure Coding - Log Injection/ Log Forging (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Broken Authentication type of vulnerabilities.

Session Hijacking: Please refer to General Recommendations for Secure Coding - Session Hijacking section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
Session Fixation: Please refer to General Recommendations for Secure Coding - Session Fixation section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
Session Prediction: Please refer to General Recommendations for Secure Coding - Session Prediction section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

In OWASP Top 10 - 2017, the following vulnerabilities were discussed under Sensitive Data Exposure type of vulnerabilities.

Heap Inspection Attacks: Please refer to General Recommendations for Secure Coding - Heap Inspection Attacks section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
Privacy Violation - Password AutoComplete: Please refer to General Recommendations for Secure Coding - Privacy Violation - Password AutoComplete section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - XML External Entity (XXE) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

In OWASP Top 10 - 2017, the vulnerabilities were discussed under Broken Access Control type of vulnerabilities.

Insecure Direct Object References: Under this section, OWASP has discussed the Path Traversal vulnerability. Please refer to General Recommendations for Secure Coding - Path Traversal section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
Missing Function Level Access Control: Please refer to General Recommendations for Secure Coding - Missing Function Level Access Control section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - Security Misconfiguration section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - Cross-Site Scripting (XSS) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - Insecure Deserialization section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - Using Known Vulnerable Components section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Please refer to General Recommendations for Secure Coding - Insufficient logging and Monitoring section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.