OWASP Top 10 - A5 Security Misconfiguration
Description Nowadays, besides the operating system and the JRE, most Java applications are based on third-party frameworks, open-source or proprietary. Moreover, a web application »
Description The application exposes a direct reference (functional identifier, database key, file path…) to a resource. Thanks to that direct reference, an attacker can guess other »
Description Cross-Site Scripting is a specific consequence of an injection attack. The goal is to make a web browser execute arbitrary scripting code (JavaScript, ActionScript, ActiveX… »
Description The attacker steals his victim’s credentials or any information that will help him impersonate the victim on your application. Examples Client attack To authenticate »
Description The attacker sends untrusted data that will be injected in the targeted application to change its behaviour. The goal of this attack is usually to »