OWASP Top 10
- Broken authentication: when authentication and session management are implemented incorrectly, attackers can compromise users' credentials and assume their identities. I see this happen frequently, and there are industry standards, such as lock-out policies and session timeouts, that can help mitigate this security risk. However, many organizations fail to adopt them because they are unaware of the severity of these flaws.
- Broken access control is when restrictions on authenticated users are not properly enforced. From a security standpoint, less is more. Administrative privileges should be limited to the administrators of the system; if a standard user's credentials were compromised and access controls weren't in place, the scope of damage would increase significantly.
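The two mitigations named above (a lock-out policy with a session timeout, and an authorization check that limits admin actions to admin users) in one small service. This is an added example, not code from the original post; the user store, the threshold and timeout values, and the `delete_account` action are constructed for illustration.

```python
import hmac
import secrets
import time
MAX_FAILED_ATTEMPTS = 5          # lock-out policy: lock after 5 failed logins (assumed value)
LOCKOUT_SECONDS = 15 * 60        # how long the lock lasts (assumed value)
SESSION_IDLE_SECONDS = 30 * 60   # idle timeout after which a session expires (assumed value)
USERS = {  # constructed sample store; real systems keep password hashes, not plaintext
    "alice": {"password": "correct-horse", "role": "admin"},
    "bob": {"password": "battery-staple", "role": "user"},
}

class AuthService:
    def __init__(self, now=time.time):
        self.now = now        # injectable clock so lock-out and timeout can be tested
        self.failures = {}    # username -> (failed attempt count, time of last failure)
        self.sessions = {}    # token -> {"user": ..., "last_seen": ...}

    def login(self, username, password):
        count, last = self.failures.get(username, (0, 0.0))
        if count >= MAX_FAILED_ATTEMPTS:
            if self.now() - last < LOCKOUT_SECONDS:
                return None   # locked: reject before the password is even checked
            count = 0         # lock-out window has passed; start counting again
        user = USERS.get(username)
        if user is None or not hmac.compare_digest(user["password"].encode(), password.encode()):
            self.failures[username] = (count + 1, self.now())
            return None
        self.failures.pop(username, None)          # successful login clears the counter
        token = secrets.token_hex(16)               # unguessable session identifier
        self.sessions[token] = {"user": username, "last_seen": self.now()}
        return token

    def current_user(self, token):
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.now() - s["last_seen"] > SESSION_IDLE_SECONDS:
            del self.sessions[token]  # idle timeout: the session is removed, not merely stale
            return None
        s["last_seen"] = self.now()
        return s["user"]

    def delete_account(self, token):  # admin-only action: check the role, not just the session
        caller = self.current_user(token)
        if caller is None:
            return "unauthenticated"
        if USERS[caller]["role"] != "admin":
            return "forbidden"        # authenticated but not authorized
        return "deleted"
```

The access-control flaw the post describes is the `delete_account` method without its role check: every logged-in user would then pass.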
Questions
- What security risk have you encountered? Or what do you think can lead to the most damage?
- What are some mitigation tactics companies can have to protect themselves against these risks?