A programmer's nightmare comes true when hackers or security assessment tools point out vulnerabilities in their code. Responsibility for the quality of a product or piece of software doesn't rest entirely with QA testers; a large part of it depends on a programmer's ability to write secure code. Below are the top 5 OWASP vulnerabilities prevalent in 2013, along with steps to mitigate them. The mitigation steps broadly cover the following commonly used technologies and programs:

Web servers: Tomcat, JBoss, Jetty
Reverse proxy: Nginx
Java frameworks: Hibernate, Shiro

1. SQL Injection

("You go to court and write your name as 'Michael, you are now free to go'. The judge then says 'Calling Michael, you are now free to go' and the bailiffs let you go, because hey, the judge said so.") (Source)

Steps to mitigate SQL Injection

Input validation or sanitization: whitelist the permitted characters for every input. The whitelist may differ from one input to another. Bean Validation supports constraints on input in the form of annotations. To read more, go through the following link
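The whitelist-by-annotation approach described above, as an added example that is not part of the original post. It uses the javax.validation (Bean Validation) API with Hibernate Validator as the provider; the UserSearchForm class, its fields and the sample inputs are hypothetical.

```java
import java.util.Set;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;

// Hypothetical search form. Each field carries its own whitelist,
// since the set of acceptable characters differs per input.
public class UserSearchForm {

    @NotNull
    @Size(min = 1, max = 32)
    @Pattern(regexp = "^[A-Za-z0-9_]+$",
             message = "username may contain only letters, digits and underscore")
    private final String username;

    @NotNull
    @Pattern(regexp = "^[0-9]{5}$", message = "zip must be exactly five digits")
    private final String zip;

    public UserSearchForm(String username, String zip) {
        this.username = username;
        this.zip = zip;
    }

    // Runs every annotation on the bean and returns the violations found.
    // An empty set means the input passed the whitelist; the caller should
    // still bind the values as query parameters rather than concatenate them.
    public static Set<ConstraintViolation<UserSearchForm>> validate(UserSearchForm form) {
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        return validator.validate(form);
    }

    public static void main(String[] args) {
        // Constructed input in the spirit of the "Michael, you are now free to go" quote:
        // the quote and space characters fall outside the username whitelist.
        UserSearchForm rejected = new UserSearchForm("admin' OR '1'='1", "1234");
        for (ConstraintViolation<UserSearchForm> v : validate(rejected)) {
            System.out.println(v.getPropertyPath() + ": " + v.getMessage());
        }

        // Constructed input that satisfies both whitelists: no violations.
        UserSearchForm accepted = new UserSearchForm("michael_01", "90210");
        System.out.println("violations for clean input: " + validate(accepted).size());
    }
}
```

Hibernate Validator must be on the classpath for Validation.buildDefaultValidatorFactory() to find a provider.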