OCU C)SP A Week 02 Lesson 04 Discussion
- This topic has 3 replies, 8 voices, and was last updated 3 months ago by .
- You must be logged in to reply to this topic.
Home » Topics » OCU C)SP A Forum » OCU C)SP A Weekly Discussions » OCU C)SP A Week 02 Lesson 04 Discussion
Discuss at least one of the top 10 OWASP security principles and why it is a critical control.
Injection Flaws
What is it?
Imagine you’re giving commands to a robot by writing them down. Now, if someone sneaks in and adds extra commands to your list without you noticing, the robot will execute them. Similarly, in the digital world, injection flaws happen when attackers can sneak malicious data into a system, which gets processed as commands.
Why is it critical?
Wide Applicability: Many applications interact with databases or other systems by sending commands. If not done securely, it can be a loophole.
Severe Impact: Successful injection can give attackers access to unauthorized data, corrupt data, or even take control of the system.
Common Occurrence: Due to the widespread use of input in web applications and often lack of proper validation, this flaw is prevalent.
How to prevent it?
Validation: Always validate and sanitize any data being entered by users.
Prepared Statements: Instead of dynamically constructing commands, use prepared statements which ensure that the input data is always treated as data and never as a command.
It’s like making sure that when you’re having a conversation, the other person can’t suddenly take control and make you say or do things you didn’t intend. It’s important to keep those boundaries clear and secure.
Reference:
OWASP. “OWASP Top 10:2021.” OWASP, 2021, owasp.org/Top10/.
Here’s a good article on the OWASP security principles.
https://www.veracode.com/security/owasp-top-10
One of these principles is a broken authentication system such as if an authentication system has a back door or other hole in it. If that happens, people will discover it and enter without actually being an approved user. A great way to mitigate against this is multi-factor authentication.
Yes. It’s clear that old threats, like Injection, are still big concerns. What stands out is that using safe third-party tools is vital, as weak ones can be a security risk. Basically, the OWASP Top 10 reminds developers to always keep security front and center when creating apps.
The support ticket system is for technical questions and post-sale issues.
If you have pre-sale questions please use our chat feature or email information@mile2.com .
Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.
Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range. We train students in penetration testing,disaster recovery, incident handling, and network forensics. Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.