Whether you are a developer or just a regular user, if I ask you what makes good software, what are the first thoughts that come to mind? “Easy to use”, “Fast”, “Easy to update”. Am I right? Well, you probably thought of these because they are easy to spot: if software is slow to perform a task or the “send” button is nowhere to be found, anyone can notice that. But what about security? Can you tell whether a piece of software is secure and no one can hack it?
According to OWASP, these are the ten most critical web application security risks:
- (SQL/Command) Injection;
- Broken Authentication and Session Management;
- Cross-Site Scripting (XSS);
- Insecure Direct Object References;
- Security Misconfiguration;
- Sensitive Data Exposure;
- Missing Function Level Access Control;
- Cross-Site Request Forgery (CSRF);
- Using Known Vulnerable Components;
- Unvalidated Redirects and Forwards.