The OWASP training for security testing by Shangyun Technology has concluded

Recently, the novel coronavirus epidemic has been rampant. People all over the country have been making continuous efforts and struggles to fight the epidemic. Especially the medical workers and grassroots government officials on the front line, they have put the greater good before their own families and are willing to sacrifice their precious lives to ensure the physical health of patients. They are racing against time. What else can we ordinary people say? We can only follow the government's call to work from home and contribute our humble efforts to the improvement of the social economy.

The entire security testing tool training of our company this time was conducted remotely online. Employees from all departments listened to the speaker's sharing on the knowledge of security testing OWASP at home remotely.

第三方安全测试

At present, website security is still relatively unfamiliar to various industries. Some people in the technical circle who have a little knowledge of security testing are familiar with OWASP. The TOP 10 (Top 10 Web Application Security Risks) of OWASP provides awareness about Web application security. OWASP is an open-source, non-profit global security organization dedicated to the research of application software security. They regularly release a list of the top10 security risks for Web applications, which is an important resource for understanding which attack methods need the most attention. It plays a crucial role in enhancing the third-party security evaluation (vulnerability scanning, penetration testing, source code security) capabilities of our company's testers, providing them with directions for exploring security testing risks, and safeguarding the security testing of the owner's information system.

1. Injection

2. Identity verification has failed

3. Leakage of sensitive information

4. XML external entities

5. Access control failure

6. Incorrect security configuration

7. Cross-site Scripting XSS

8. Unsafe deserialization

9. Use components with known vulnerabilities

10. Insufficient logs and monitoring

OWASP top10 is a tool that can enhance the security of any WEB information system. It is a magic weapon for our testers and an important knowledge base for effectively dealing with common types of attacks.


Related articles