Common web application vulnerabilities and how to avoid them

13 May 2021

Today web apps are everywhere and are used by almost everyone. They are a critical part of most business flows and a way for companies to connect to their customers and clients. From conveying information to providing a service, their complexity varies widely, as does the level of care needed to secure them.


In 2018 there were a total of 1.6 billion websites (unique hostnames). There is no denying that the internet is a big part of our daily lives in one way or another. Our job as developers is not only to provide functional, efficient and innovative solutions for customers, but to make sure that they are secure as well.

The OWASP Top 10

The Open Web Application Security Project (OWASP) is a foundation that aims to improve the security of software. The OWASP Top 10 project is a document that developers can and should use as a first-step checklist to minimise the listed security risks in their solutions.


Injection

Injection vulnerabilities, especially SQL injections, are unfortunately quite common. They occur when an application sends untrusted data to an interpreter (e.g. a website passing unsanitised user input straight through to the backend).


Along with SQL, queries based on SOAP, XPath, LDAP and REST can be susceptible to injection attacks, allowing unauthorised data retrieval or access-control bypass.


SQL Injection

A SQL injection attack consists of injecting a partial or complete SQL query, via a data input, from the client into the web application. This can allow the reading and modification of sensitive data that the client user should not have access to.


Vulnerability — Unparameterized SQL queries

Imagine you used the following query to check whether the supplied login credentials are valid
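The article's own query is not included in this excerpt. The following is an added example (not the original article's code) that shows the unparameterised login check beside its parameterised fix against a constructed in-memory SQLite table, so you can see why the first is bypassable and the second is not. The table, user and inputs are all made up for the demonstration.

```python
import sqlite3

# Constructed demo table (not from the article). Passwords are stored in
# plaintext only to keep the example short; a real application stores hashes.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Untrusted input is pasted into the SQL text, so the interpreter cannot
    # tell data from query syntax: the unparameterised query the article warns about.
    query = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone() is not None

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the SQL text is fixed and the driver binds the values
    # as data, so quotes or keywords inside the input are never run as SQL.
    query = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def demo() -> dict:
    conn = make_db()
    # Constructed hostile password: the quote closes the string literal and the
    # remainder turns the WHERE clause into a tautology (AND binds before OR).
    bypass = "' OR '1'='1"
    return {
        "vulnerable_valid": login_vulnerable(conn, "alice", "correct horse battery staple"),
        "vulnerable_wrong": login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_bypass": login_vulnerable(conn, "alice", bypass),  # True: check bypassed
        "safe_valid": login_safe(conn, "alice", "correct horse battery staple"),
        "safe_wrong": login_safe(conn, "alice", "wrong"),
        "safe_bypass": login_safe(conn, "alice", bypass),  # False: treated as a literal password
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The only difference between the two functions is whether the values travel inside the SQL text or are bound as parameters; every major database driver offers the bound form, and using it consistently removes this class of bug rather than trying to filter input.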

Go to website for more: https://www.dvt.co.za/news-insights/insights/item/437-software-development-common-web-application-vulnerabilities-and-how-to-avoid-them
