The Cybernation Project


Introduction

This website serves as an information source about the most popular forms of attack used to compromise web applications. The information regarding the target vectors has been obtained from the OWASP top 10 2019 list. The website has a separate page exploring each of the vulnerabilities and, where possible, hackable interfaces have also been provided to help novices get an idea of how attacks are actually carried out. A separate section has also been created for netizens, or everyday internet users, to emphasize some of the healthy practices they can adopt to stay free from attacks in cyberspace.

OWASP

Open Web Application Security Project

OWASP is an acronym that stands for Open Web Application Security Project. It is a non-profit organization with the goal of improving software security. Its main objective is to create open source projects and hold educational and training-oriented conferences about securing the web. The organization is about two decades old and focuses primarily on providing developers and technologists with materials such as tools and resources to secure the web. Notable contributions of this organization include its spotlight project, the Mobile Security Testing Guide (MSTG for short), and the OWASP top 10.

The OWASP top 10 is perhaps the most widely known and highly valuable contribution of this organization to the world of web application security. It is a regularly updated report created every year by a curated team of top security professionals from all over the world. The OWASP top 10 outlines the main concerns for web application security. It serves as an awareness report, and OWASP recommends that all organizations with associated web applications incorporate it into their framework. The document serves to mitigate security risks or, at the very least, minimize them. Every year it focuses on the top 10 most critical risks, both in terms of volume and the extent of damage that they can cause to the associated organization.

For Netizens

10 Tips for Browsing Safely

Keep your browser and any plugins updated

  • Web browsers are often your first point of contact with the internet no matter what device you are using.

  • Developers release frequent updates to ensure you can experience the latest the web has to offer – more than ever websites are taking advantage of all the new features enabled by HTML5 video and audio, advanced styling and improved speeds.

  • Many sites have stopped supporting older browser versions due to compatibility and security concerns.

  • Hackers often target vulnerabilities in web browsers which is why the companies that make them release regular updates to patch any vulnerabilities.

Use Developer

  • Most modern browsers allow you to create an account so that you can reduce your reliance on search engines and synchronize your bookmarks between your laptop, tablet, and smartphone.

  • Many even enable you to see the pages you have open in other devices and open them in the device you are using at the time.

Block Pop-ups

  • While desktop pop-ups from your operating system are unavoidable, pop-ups in your web browser can often be switched off.

  • Browser pop-ups typically open new browser windows to push adverts, and while most are just annoying, some can contain malicious links or inappropriate content.

  • Most browsers come with filters that automatically block pop-ups and enable you to allow them for those trusted sites where they may be advantageous.

Use an ad blocker

  • Pop-up ads and the feeling of ads following you around the internet have led to the rise in popularity of the ad blocker.

  • Ad blockers stop webpages showing you ads, which sounds great until you realize how controversial this subject is and the profound impact it could have on the websites you visit.

  • Most websites are paid for by ads on a pay per impression basis – so if you have an ad blocker running, you deny the publisher the revenues that are paying to keep the site going.

  • By all means, protect yourself using an ad blocker, but do consider whitelisting your favorite sites as the ad revenue is what keeps them in business!

Enable “do not track” in your browser

  • Many browsers include the ability to send a “do not track” request to websites which asks them not to collect or track your browsing data.

  • However, what happens depends on how the sites respond to the request – but most websites and web servers don’t change their behavior and would appear to ignore the request.

  • Still, making it clear you don’t wish to be tracked is a good start.

Clear your web browser cache and cookies

  • Even if websites do decide to track your browsing data, you can limit the impact by regularly clearing your browser cache and deleting unwanted cookies.

  • This prevents ads from following you around the web and can also ensure you have the latest version of a web page downloaded. All major browsers allow you to do this manually, and you can easily clear all your data, but there are also software options that automate the process to make your life easier.

  • Whichever route you choose, it may be worth whitelisting the sites you regularly log in to, so you avoid having to re-enter login details constantly.

Turn on private browsing

  • Private browsing protects your private information and blocks some websites from tracking your search and browsing data.

  • It won’t hide your activity from your internet service provider, but it does reduce the accumulation of cookies and can be helpful if you are buying presents online for a significant other.

Use a VPN

  • Virtual private networks, or VPNs, help you maintain your privacy by encrypting your data and internet requests before they ever hit the internet.

  • The technology works the same no matter how you have connected to the internet – the encrypted data is sent to the VPN server which decrypts the requests before sending them on to the online destination.

  • The information is then sent back through the same process, meaning that sites, advertisers and internet service providers can’t track what you are doing. VPNs such as the one included in Panda Dome use the most secure encryption protocols on the market to ensure the only person that can see your data is you.

Use a password manager

  • The number of password leaks that occur when websites are hacked makes it very dangerous to reuse the same password for a range of different sites.

  • To prevent password leaks from being too damaging, you need to use unique passwords on every website. These should also be strong passwords – long, unpredictable passwords that contain numbers and symbols.

  • However, remembering strong passwords for all those different sites is almost impossible – that’s where a password manager comes in.

  • Password managers encrypt and securely store your login information for all the websites you use and help you log in automatically – leaving you to remember just the one master password.

Ensure you have up-to-date antivirus & firewall protection

  • You need antivirus and firewall protection software on your computer no matter how carefully you browse the web or how smart you think you are about the links you click and the files you open.

  • Threats can be hidden in even the most reputable websites or in files from the most trusted of sources, so protecting yourself with a smart antivirus platform is well worth a small investment of time.

  • The most reputable antivirus software solutions currently available use big data and AI to monitor every running application and detect attacks before they happen.

The Top 10 Vulnerabilities

Get started with the very basics of cybersecurity

SQL Injection

Injection, or SQL injection, is a technique that malicious external entities can use to send invalid data to web applications to make them malfunction and do something they were not intended to do.

Broken Authentication Vulnerability

If this vulnerability exists in a system, the attacker can gain control over select user accounts or even complete administrative control over the system using manual or automatic means.


Sensitive Data Exposure

Sensitive data exposure occurs when an organization accidentally exposes personal data of its users. Also known as a data breach, this is one of the most widespread vulnerabilities.

XML External Entities (XXE)

An XML External Entities attack, or XXE attack for short, is a type of attack carried out against web applications that parse XML input.

Broken Access Control

In cyber security, access control means limiting which areas a particular user or visitor can access, depending on their needs and levels.

Security Misconfigurations

Security misconfiguration may be defined as the failure to implement all the security controls for a server or web application, or implementing the security controls but doing so with errors.


Cross-Site Scripting (XSS)

Cross Site Scripting (XSS) is a widespread vulnerability that affects many web applications. XSS attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method.


Insecure Deserialization

Insecure deserialization, also known as untrusted deserialization, is a serious vulnerability and a major contributor to application security issues, potentially affecting most modern systems.

Using Components with Known Vulnerabilities

This category of threats applies to all websites that have a lot of dependencies or a structure dependent on legacy modules, which may hinder regular update cycles.

Insufficient Logging and Monitoring

The importance of securing a website cannot be overstated.