OWASP Top 10

How We Use the OWASP Top 10

To ensure a consistent approach to application penetration testing, Bridewell Consulting use the OWASP Top Ten, alongside carefully selected industry sources, as the framework for our tests.

Below is a breakdown of the ten categories in the OWASP Top Ten (2017 edition) as they apply to application testing.

1. Injection Flaws (such as SQL Injection)

Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query. The interpreter cannot tell the attacker's data from the intended command, so it executes it, allowing data to be read or modified or commands to be run.

2. Broken Authentication

Authentication and session management functions are often implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens, or to assume other users' identities.

3. Sensitive Data Exposure

Many applications and APIs do not adequately protect sensitive data such as financial, health or personal information and stored credentials, whether at rest or in transit. Attackers steal or modify such data to commit fraud, identity theft or other crimes.

4. XML External Entities (XXE)

Older or poorly configured XML processors evaluate external entity references within XML documents. An attacker can use these to disclose internal files, reach internal services, or cause denial of service.
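
The Python below is an added example, not code from the original page. It shows a constructed XXE payload beside a benign document and a gate that rejects any document carrying a DOCTYPE or ENTITY declaration before it reaches the parser; a UTF-16 decode step stops the byte-level check being sidestepped by a different encoding.

```python
import re
import xml.etree.ElementTree as ET

# Entity declarations can only appear inside a DOCTYPE, and ordinary
# application payloads never need one, so the whole class is rejected up front.
_FORBIDDEN = re.compile(r"<!\s*(DOCTYPE|ENTITY)", re.IGNORECASE)

# Constructed sample documents.
BENIGN = b'<?xml version="1.0"?><order><id>42</id><sku>ABC-1</sku></order>'
XXE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b"<order><id>&xxe;</id></order>"
)


def _as_text(data: bytes) -> str:
    # Decode the same way the parser would so the check sees what expat sees.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8")


def parse_untrusted_xml(data) -> ET.Element:
    if isinstance(data, str):
        data = data.encode("utf-8")
    if _FORBIDDEN.search(_as_text(data)):
        raise ValueError("XML rejected: DOCTYPE/ENTITY declarations are not permitted")
    return ET.fromstring(data)


def order_id(data) -> str:
    """Application-level accessor that only ever sees gated documents."""
    return parse_untrusted_xml(data).findtext("id")


if __name__ == "__main__":
    print(order_id(BENIGN))
    try:
        order_id(XXE)
    except ValueError as exc:
        print(exc)
```

The gate is defence in depth, not the whole fix: the parser itself should also have external entity resolution disabled (for example by using defusedxml, or lxml with `resolve_entities=False`), and documents that genuinely need a DTD should be handled by a dedicated, hardened path rather than by loosening this check.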

5. Broken Access Control

Restrictions on what authenticated users are allowed to do are often not enforced correctly. Attackers exploit these flaws to access other users' accounts and data, or to perform actions that should be reserved for privileged users.
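
As an added example (not Bridewell's code), the Python below models the most common form of this flaw found in testing, an insecure direct object reference: a constructed invoice store, a lookup that checks only that the caller is logged in, and a hardened lookup that denies by default, allows an explicit role through, and answers "not found" for both missing and foreign records so the endpoint cannot be used to enumerate valid ids. The `finance_admin` role name is an assumption for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner: str
    amount: float


@dataclass(frozen=True)
class Principal:
    username: str
    roles: FrozenSet[str] = frozenset()


# Constructed data store.
INVOICES = {
    1001: Invoice(1001, "alice", 120.0),
    1002: Invoice(1002, "bob", 75.5),
}


class NotFound(Exception):
    """Raised for missing and forbidden records alike, so they are indistinguishable."""


def get_invoice_vulnerable(user: Principal, invoice_id: int) -> Invoice:
    # Authenticated (a Principal exists) but never authorised: any logged-in
    # user can read any invoice by changing the id in the request.
    if invoice_id not in INVOICES:
        raise NotFound(invoice_id)
    return INVOICES[invoice_id]


def get_invoice(user: Principal, invoice_id: int) -> Invoice:
    inv = INVOICES.get(invoice_id)
    allowed = inv is not None and (
        inv.owner == user.username or "finance_admin" in user.roles
    )
    # Deny by default; the failure mode is the same whether the record is
    # absent or belongs to someone else.
    if not allowed:
        raise NotFound(invoice_id)
    return inv


if __name__ == "__main__":
    alice = Principal("alice")
    print(get_invoice_vulnerable(alice, 1002))  # bob's invoice leaks
    try:
        get_invoice(alice, 1002)
    except NotFound:
        print("hardened lookup: not found")
```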

6. Security Misconfiguration

This is the most commonly seen issue and is usually the result of insecure default configurations, incomplete or ad hoc configuration, open cloud storage, misconfigured HTTP headers, or verbose error messages that reveal sensitive information.

7. Cross-Site Scripting (XSS)

XSS flaws occur when an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing page with user-supplied data through a browser API that can create HTML or JavaScript.
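
The following Python is an added example and not code from the page. It renders a constructed profile fragment in which the same user-supplied value lands in two places, element text and a quoted attribute, first unescaped and then through `html.escape`, which encodes the characters that would let the value break out of either context.

```python
from html import escape


def render_profile_vulnerable(display_name: str) -> str:
    # The value is interpolated raw into both contexts.
    return f'<h1>Welcome {display_name}</h1><input value="{display_name}">'


def render_profile(display_name: str) -> str:
    # quote=True encodes & < > " and ', so the value can neither open a tag
    # in the text context nor close the attribute in the attribute context.
    safe = escape(display_name, quote=True)
    return f'<h1>Welcome {safe}</h1><input value="{safe}">'


# Constructed payloads, one per context.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'


if __name__ == "__main__":
    for p in (TEXT_PAYLOAD, ATTR_PAYLOAD):
        print("vulnerable:", render_profile_vulnerable(p))
        print("escaped:   ", render_profile(p))
```

HTML entity escaping is only the right encoder for element text and quoted attribute values; data placed inside a script block, a URL, or a CSS value needs the encoder for that context, and a templating engine with auto-escaping enabled is the practical way to get this right across an application.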

8. Insecure Deserialisation

Deserialising untrusted data often leads to remote code execution. Even where it does not, deserialisation flaws can be used for replay, injection and privilege escalation attacks.
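
The Python below is an added example rather than anything from the page. It shows why native object serialisation is dangerous: a constructed class tells `pickle` to rebuild it by calling a function of the attacker's choosing, so `pickle.loads` on the payload runs that function before the application code sees any object. The harmless `side_effect` function stands in for what would normally be a shell command, and the JSON loader with a shape check is the data-only alternative.

```python
import json
import pickle

EXECUTED = []


def side_effect(tag: str) -> str:
    # Stands in for os.system or similar: records that the unpickler invoked it.
    EXECUTED.append(tag)
    return tag


class Malicious:
    # pickle lets an object dictate its own reconstruction. __reduce__ returns
    # a callable and its arguments, and pickle.loads invokes them.
    def __reduce__(self):
        return (side_effect, ("code ran inside pickle.loads",))


def build_payload() -> bytes:
    """Attacker side: serialise the gadget."""
    return pickle.dumps(Malicious())


def load_vulnerable(blob: bytes):
    # Any callable reachable by import can be executed here.
    return pickle.loads(blob)


def load_safe(blob: bytes) -> dict:
    # A data-only format plus an explicit check that the result is the shape
    # the application expects. Both a bad JSON document and non-UTF-8 bytes
    # surface as ValueError.
    obj = json.loads(blob.decode("utf-8"))
    if not (
        isinstance(obj, dict)
        and set(obj) == {"user", "role"}
        and isinstance(obj["user"], str)
        and obj["role"] in ("user", "admin")
    ):
        raise ValueError("unexpected structure")
    return obj


if __name__ == "__main__":
    print(load_vulnerable(build_payload()), EXECUTED)
    print(load_safe(b'{"user": "bob", "role": "user"}'))
```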

9. Using Components with Known Vulnerabilities

Components such as libraries, frameworks and other software modules run with the same privileges as the application. If a vulnerable component is exploited, the result can be serious data loss or server takeover.

10. Insufficient Logging and Monitoring

Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to persist, pivot to further systems, and tamper with, extract or destroy data before anyone notices.
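
As an added example (not part of Bridewell's page), the Python below runs a simple detection over a constructed application authentication log: it groups failed logins by source address and raises an alert when a threshold of failures falls within a sliding window, reporting how many distinct usernames were tried, which separates credential stuffing from a single user mistyping a password. The `key=value` log format and the threshold and window values are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z event=login_failed user=alice src=203.0.113.7
2024-03-01T10:00:04Z event=login_failed user=bob src=203.0.113.7
2024-03-01T10:00:05Z event=login_success user=carol src=198.51.100.9
2024-03-01T10:00:09Z event=login_failed user=carol src=203.0.113.7
2024-03-01T10:00:12Z event=login_failed user=dave src=203.0.113.7
2024-03-01T10:00:20Z event=login_failed user=erin src=203.0.113.7
2024-03-01T10:00:31Z event=login_failed user=alice src=203.0.113.7
2024-03-01T10:05:00Z event=login_failed user=frank src=198.51.100.9
2024-03-01T10:09:00Z event=login_failed user=frank src=198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) event=(?P<event>\S+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Yield (timestamp, event, user, src) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        yield (
            datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            m["event"], m["user"], m["src"],
        )


def detect_failed_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {src: summary} for sources with >= threshold failures inside window."""
    by_src = defaultdict(list)
    for ts, event, user, src in parse(lines):
        if event == "login_failed":
            by_src[src].append((ts, user))
    alerts = {}
    for src, events in by_src.items():
        events.sort()
        stamps = [ts for ts, _ in events]
        # Slide a window of `threshold` consecutive failures over the timeline.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                alerts[src] = {
                    "failures": len(stamps),
                    "distinct_users": len({u for _, u in events}),
                    "first": stamps[0].isoformat(),
                    "last": stamps[-1].isoformat(),
                }
                break
    return alerts


if __name__ == "__main__":
    for src, summary in detect_failed_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(src, summary)
```

The output of a rule like this is only useful if it is routed somewhere a person or playbook acts on it; a detection that writes to a file nobody reads is the "missing integration with incident response" the category describes.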

Our Services

Let’s talk. Speak to our experts to see how we can work together, keeping your business protected and productive.