---
title: "OWASP Top 10 (This needs a better name)"
---

Cyber Security is a complex area that has an impact on a wide range of
subjects. There are many classes of vulnerabilities, each affecting a
set of services or applications.

One area that is of particular interest is security on the web. As
society becomes increasingly digital, the web is becoming more
embedded in our lives. The [OWASP](https://www.owasp.org/) (Open Web
Application Security Project) has been tracking web-based
vulnerabilities since 2004, surveying organisations and collating
information on the types of cyber attack that affect websites.

> NOTE: Security researchers love lists. As well as OWASP for web,
> there are several other "Top 10s"; they let us work out what issues
> to focus on. However, as new threats occur, any security audit based
> on only the Top 10 is probably not comprehensive enough.

As well as advice on mitigating security issues, each year OWASP
produces a report (the OWASP Top 10), presenting the most common
threats that have occurred that year. This report can provide
security researchers with areas to focus on, and will highlight new
trends in the types of attack that may occur.

# Task (~1 Hour)

Let's start thinking about security. Take a look at the OWASP Top 10 web
vulnerabilities:
[OWASP Top10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)

In the forums, discuss:

- Which of the vulnerabilities do you think is the most "Dangerous"?
- Can you think of an example of a recent "Hack" you have heard
  about that has used one of the OWASP Top 10?
- Look back through previous versions of the Top 10. What trends can you see? Are there any problems that have been "Fixed"?