Trending Vulnerabilities with Insights to OWASP TOP 10

Transcript

1. Trending Vulnerabilities with Insights to OWASP TOP 10 By –

   Harsh Bothra

2. Who-Am-I? Cyber Security Consultant @RedHuntLabs Core Pentester @Cobalt.io Lazy Bug

   Bounty Hunter – Bugcrowd | Synack | Private Author | Blogger | Speaker Creator @ProjectBheem Going through #Learn365

3. AGENDA INTRODUCTION TO APPLICATION SECURITY OWASP TOP 10 TRENDING VULNERABILITIES

   HUNTING : MY WAY

4. Introduction to Application Security

5. Application Security – Tech Classification Web Application Mobile Application APIs

   Thick Clients

6. OWASP TOP 10 Injection Broken Authentication Sensitive Data Exposure XML

   External Entities Broken Access Control Security Misconfiguration Cross-Site Scripting Insecure Deserialization Using Component with Known Vulnerabilities Insufficient Logging and Monitoring

7. Commonly Identified Vulnerabilities Sensitive Information in JS & Public Resources

   Broken Access Controls Authorization Check Bypass & Privilege Escalations Server-Side Request Forgery Cross-Site Scripting Business Logic Abuse

8. Trending Vulnerabilitiies GraphQL Vulnerabilities WebSocket Vulnerabilities OAuth Vulnerabilities SAML Vulnerabilities

   NoSQL Injection Cache Based Vulnerabilities Bypasses JWT

9. Approaching Trending Vulnerabilities Hunting – My Way!

10. TIPS & TRICKS!

11. GET IN TOUCH AT Twitter: @harshbothra_ LinkedIn: /in/harshbothra Instagram: @harshbothra_

    SpeakerDeck: /harshbothra Email: [email protected]

12. Thank you!