This article is a brief overview of one entry from the OWASP Top 10 2017 list: A7 Insufficient Attack Protection. (A7 appeared in the 2017 Release Candidate, where it covered applications that cannot detect, prevent or respond to manual and automated attacks.)
This post is useful for beginners who want to understand Insufficient Attack Protection, and for developers who want to protect their applications against it.
A user with malicious intent who visits an application usually has one of two aims: to damage the application, or to create panic among the administrators and users who depend on it.
Most attackers begin with extensive research on the target: the application itself, the services it exposes, and the categories of users who access it. This 'information gathering' phase collects details about the application stack, usernames that are visible to anyone with access to the application, and the structure of contact-us forms.
Once the attackers have enough information, they start their attacks on the application. An application with insufficient attack protection neither notices this probing nor responds to it (for example by rate-limiting or blocking the client), so the attacker can keep working undisturbed.
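As an added example (not code from the original post or from Entersoft), the following Python script shows the kind of detection an application needs in order to notice the reconnaissance described above. It parses Common Log Format access-log lines and flags a client that, within a short window, either requests many distinct paths that return 404 (forced browsing for admin panels, backups and the like) or repeatedly fails to log in (credential guessing or username enumeration). The log lines, thresholds, window size and rule names are all constructed or chosen for the demonstration; a real deployment would tune them and feed the findings to a blocking or alerting mechanism.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex for Common Log Format lines. Assumes the request line has the shape
# 'METHOD PATH PROTOCOL' (true for normal HTTP traffic).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample traffic for this demo (not a real log).
# 203.0.113.7  probes for common admin/backup paths (all 404).
# 198.51.100.23 hammers the login form (all 401).
# 192.0.2.44   is an ordinary visitor with one stray 404 and one typo in a password.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2017:10:00:01 +0000] "GET /admin HTTP/1.1" 404 162
203.0.113.7 - - [10/May/2017:10:00:01 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162
203.0.113.7 - - [10/May/2017:10:00:02 +0000] "GET /.git/config HTTP/1.1" 404 162
203.0.113.7 - - [10/May/2017:10:00:02 +0000] "GET /backup.zip HTTP/1.1" 404 162
203.0.113.7 - - [10/May/2017:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 404 162
203.0.113.7 - - [10/May/2017:10:00:03 +0000] "GET /config.php.bak HTTP/1.1" 404 162
198.51.100.23 - - [10/May/2017:10:05:10 +0000] "POST /login HTTP/1.1" 401 88
198.51.100.23 - - [10/May/2017:10:05:11 +0000] "POST /login HTTP/1.1" 401 88
198.51.100.23 - - [10/May/2017:10:05:11 +0000] "POST /login HTTP/1.1" 401 88
198.51.100.23 - - [10/May/2017:10:05:12 +0000] "POST /login HTTP/1.1" 401 88
198.51.100.23 - - [10/May/2017:10:05:13 +0000] "POST /login HTTP/1.1" 401 88
198.51.100.23 - - [10/May/2017:10:05:14 +0000] "POST /login HTTP/1.1" 401 88
192.0.2.44 - - [10/May/2017:10:10:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.44 - - [10/May/2017:10:10:04 +0000] "GET /about HTTP/1.1" 200 2048
192.0.2.44 - - [10/May/2017:10:10:05 +0000] "GET /favicon.ico HTTP/1.1" 404 162
192.0.2.44 - - [10/May/2017:10:10:09 +0000] "POST /login HTTP/1.1" 401 88
192.0.2.44 - - [10/May/2017:10:10:20 +0000] "POST /login HTTP/1.1" 302 0
"""


def detect_probing(log_text, window=timedelta(seconds=60),
                   not_found_threshold=5, failed_login_threshold=5):
    """Return sorted (ip, rule, count) tuples for clients whose activity inside
    any span of length `window` crosses a threshold. Two cheap signals of the
    reconnaissance phase are checked: many distinct 404 paths (path probing)
    and many failed logins (credential guessing / username enumeration).
    Thresholds, window and rule names are arbitrary demo values."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of crashing the monitor
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ev["status"] = int(ev["status"])
        by_ip[ev["ip"]].append(ev)

    findings = []
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        worst_404 = worst_login = 0
        # Slide a window starting at each event and keep the worst count seen.
        for i, start in enumerate(events):
            span = [e for e in events[i:] if e["ts"] - start["ts"] <= window]
            distinct_404 = {e["path"] for e in span if e["status"] == 404}
            failed_logins = sum(
                1 for e in span
                if e["method"] == "POST" and e["path"] == "/login"
                and e["status"] in (401, 403)
            )
            worst_404 = max(worst_404, len(distinct_404))
            worst_login = max(worst_login, failed_logins)
        if worst_404 >= not_found_threshold:
            findings.append((ip, "path_probing", worst_404))
        if worst_login >= failed_login_threshold:
            findings.append((ip, "failed_logins", worst_login))
    return sorted(findings)


if __name__ == "__main__":
    for ip, rule, count in detect_probing(SAMPLE_LOG):
        print(f"alert/block {ip}: {rule} x{count} within 60s")
```

The ordinary visitor (192.0.2.44) produces no finding even though it also triggered a 404 and a failed login, which is the point of counting distinct paths and using a threshold: the monitor should react to a burst of probing, not to a single mistyped URL or password. Running on the sample flags the two probing clients; what to do with them (rate-limit, block, alert, log) is the "respond" half of A7.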
Our take on the 2017 release of the OWASP Top 10 is that the changes are minor. Two existing entries have been merged into one, and two new entries have been added, but the list has not changed much otherwise. The merged pair had originally been split out of a single entry back in 2007 and is now recombined, since the two no longer justified being treated separately.