OWASP (Open Web Application Security Project) is an open and collaborative web security audit methodology that is oriented towards web application security analysis and it is used as a point of reference in security auditing. At Tarlogic, we use the OWASP methodology in every web security audit to analyze and evaluate risks.
The analysis of the controls defined by this methodology allows our auditing team to provide a thorough platform analysis, ensuring that all attack vectors have been examined and all security issues have been detected. This process helps improve the security and protection of our clients’ IT systems.
There are two main approaches to performing OWASP-based security audits:
1 – OWASP TOP-10 Audit: Under this type of web audit approach, the web application is analyzed for usual weaknesses that are associated with a greater impact on the system security.
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Authentication and session management
- A4: Insecure direct object references
- A5: Incorrect security configuration
- A6: Exposure of sensitive data
- A7: Lack of function access control
- A8: Cross-site request forgery (CSRF)
- A9: Use of components with known vulnerabilities
- A10: Invalid redirects and forwards
An OWASP TOP-10 web security audit is recommended when assessing web application security for the first time, or when security in this environment is not critical for the company. This type of audit offers a good balance between effort invested and results.
2 – Full OWASP Audit: The purpose of a full OWASP audit, based on the OWASP methodology, is to validate the 87 controls defined by this methodology, focusing mainly on issues related to the logic of the particular business. This is the ideal approach in cases of high criticality, and it helps shield a system against cyber attacks.
Contact Tarlogic for an OWASP-based web security audit to protect your business applications.