{"id":6818,"date":"2020-10-26T12:29:18","date_gmt":"2020-10-26T16:29:18","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/?p=6818"},"modified":"2020-10-26T12:29:18","modified_gmt":"2020-10-26T16:29:18","slug":"week-9-reading-discussions-owasp-top-10","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/2020\/10\/26\/week-9-reading-discussions-owasp-top-10\/","title":{"rendered":"Week #9 Reading Discussions: OWASP Top 10"},"content":{"rendered":"<p><strong>OWASP Top 10<\/strong><\/p>\n<ul>\n<li>Broken authentication: when authentication and session management are implemented incorrectly, attacks can compromise the user&#8217;s credentials and exploit their identities. I see this happen frequently and there are industry standards such as lock-out policies, timeout sessions that can help mitigate this security risk. However, many organizations fail to do so because they are unaware of the severity of these flaws.<\/li>\n<li>Broken access control is when restrictions on authenticated users are not properly enforced. From a security standpoint, less is more. Users with administrative privileges should only be limited to admins of the system; if a standard user&#8217;s credentials were hacked and access controls weren&#8217;t in place, the scope of damage would increase significantly.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Questions<\/strong><\/p>\n<ol>\n<li>What security risk have you encountered? Or what do you think can lead to the most damage?<\/li>\n<li>What are some mitigation tactics companies can have to protect themselves against these risks?<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>OWASP Top 10 Broken authentication: when authentication and session management are implemented incorrectly, attacks can compromise the user&#8217;s credentials and exploit their identities. I see this happen frequently and there are industry standards such as lock-out policies, timeout sessions that can help mitigate this security risk. However, many organizations fail to do so because they [&hellip;]<\/p>\n","protected":false},"author":14985,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-6818","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6818","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/users\/14985"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/comments?post=6818"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6818\/revisions"}],"predecessor-version":[{"id":6819,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/posts\/6818\/revisions\/6819"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/media?parent=6818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/categories?post=6818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec702fall2020\/wp-json\/wp\/v2\/tags?post=6818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}