A brief overview of OWASP top 10 risks and what it takes to minimize them in java.(Part -3)

  1. Implementing proper access controls is the primary defence mechanism used against insecure direct object reference attacks.
  2. Using indirect references for internal data without exposing the internal keys.
  3. Avoid using predictable keys where applicable. ( eg: bank account id’s)

5 Security Misconfiguration

  1. Usage of software without being updated properly.
  2. Unnecessary features being enabled or installed.
  3. Using default account usernames and passwords.
  4. The error handling revealing stack traces or other overly informative error messages to users.
  5. The security settings in development frameworks (e.g., Struts, Spring) and libraries has not been set to secure values.
  6. Turning off or choosing not to install the features which are not needed and applying the principle of “least privilege [3] “
  7. Changing the security configurations as necessary and not using the default security configurations which are known to everybody.
  8. Making sure the packages used are up to date.

Lead Software Engineer @ IFS, Former intern at @ WSO2 inc.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

111EMA/SMA Pi Golden Multipliers


Anxious Dyspraxic Learns to Code – Week 1 at Makers

Orange Wallet x Kommunitas

C# how to handle exceptions to illustrate try-catch action with Exceptions

Run Multiple Containers With Docker Compose

Generic Classes in C++

RabbitMQ cluster on Kubernetes using Terraform

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Kasun Balasooriya

Kasun Balasooriya

Lead Software Engineer @ IFS, Former intern at @ WSO2 inc.

More from Medium

Gavin Maloof Joins Tezotopia To Build Metzopia: The Virtual Vegas

Veganism in Pakistan

The Next Phase of Momatu is Coming Soon

XI AM READY FOR “TOO MUCH” — Apprenticeship to Love: Daily Meditation for the Sacred Masculine…