With the uptake of cloud computing and the advancements in browser technology, web applications and web services have become a core component of many business processes, and therefore a lucrative target for attackers. Over 70% of websites and web applications however, contain vulnerabilities that could lead to the theft of sensitive corporate data, credit cards, customer information and Personally Identifiable Information. Infinity Risk examines your web applications from a coding and implementation flaw perspective, and also looks at other issues like SQL injection and cross-site-scripting (XSS), involving active exploitation of vulnerabilities in order to gain access.
OWASP Top 10 (Open Web Application Security Project)
|
A1
|
Injection
|
|
A2
|
Broken Authentication and Session Management (XSS)
|
|
A3
|
Cross Site Scripting (XSS)
|
|
A4
|
Insecure Direct Object References
|
|
A5
|
Security Misconfiguration
|
|
A6
|
Sensitive Data Exposure
|
|
A7
|
Missing Function Level Access Control
|
|
A8
|
Cross Site Request Forgery (CSRF)
|
|
A9
|
Using Components with Known Vulnerabilities
|
|
A10
|
Unvalidated Redirects and Forwards
|
