Firstly, what is OWASP? The Open Web Application Security Project, also known as OWASP, is an open-source project that provides free information on application security. The OWASP Foundation describes itself as:
“A nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web.”
Every few years OWASP releases a Top 10 of vulnerabilities, a broad consensus about the most critical security risks to (web) applications. It is an awareness document that companies can build into their development and testing processes in order to minimize those risks. To better understand the subject, let’s look at an example.
One of the items in the top 10 is ‘Injection’. Let’s say you are using a website and you click on a product. In the background, the application can send a SQL query to the database like this:
SELECT Product_Name, Product_Description
FROM Products
WHERE Product_id = 123
In this case, the user receives the name and description of the product with id 123. Pretty straightforward. Now, let’s assume that you intercept that query, slightly modify it and send it to the database like this:
SELECT Product_Name, Product_Description
FROM Products
WHERE Product_id = 123 OR 1 = 1
In the above case, we have added ‘OR 1 = 1’ to the WHERE clause. 1 = 1 is always true, so if we send that query to the database, we get a list of ALL the products, including items that are hidden or not available to our user profile.
And we could even be more creative. Let’s say we would again modify the existing query and merge it with another query:
SELECT Product_Name, Product_Description
FROM Products
WHERE Product_id = 123 UNION SELECT Username, Password FROM Users
By appending the UNION query, we could get hold of all the usernames and passwords of the application. Or we could just as easily ‘DROP’ a table and, by doing so, make the application fail.
Without going into detail on how to protect your application against these different kinds of attacks, it is clear that developers and testers need to be aware of these risks and should know how to secure their applications against them.
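The root cause in the scenario above is that the product id sent by the client is pasted into the SQL text, so the database cannot tell data from query. The following Python example is added here for illustration and is not code from the original post or from Brightest; it builds a constructed in-memory SQLite database with the Products and Users tables named in the post, shows a lookup that concatenates the id into the query (the behaviour described above), and then the same lookup with a bound parameter plus an input-type check, which is the standard defence. The table contents, the function names and the use of SQLite are assumptions made for the example.

```python
import sqlite3

# Constructed sample schema and rows, so the example runs offline.
# Passwords are stored as a placeholder string; a real application stores a hash.
SCHEMA = """
CREATE TABLE Products (
    Product_id INTEGER PRIMARY KEY,
    Product_Name TEXT,
    Product_Description TEXT
);
CREATE TABLE Users (Username TEXT, Password TEXT);
INSERT INTO Products VALUES (123, 'Widget', 'A visible product');
INSERT INTO Products VALUES (124, 'Gadget', 'A hidden product');
INSERT INTO Users VALUES ('alice', 'hashed-secret');
"""

QUERY = "SELECT Product_Name, Product_Description FROM Products WHERE Product_id = "


def open_db():
    """Create a fresh in-memory database with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, product_id):
    """String concatenation: whatever the client sent becomes part of the SQL text.
    With product_id = '123' this is exactly the first query in the post; with the
    modified values from the post it returns far more than one product."""
    return conn.execute(QUERY + product_id).fetchall()


def lookup_parameterized(conn, product_id):
    """Bound parameter: the database compiles the SQL before it sees the value,
    so the value is compared as data and can never add clauses to the query."""
    return conn.execute(QUERY + "?", (product_id,)).fetchall()


def lookup_safe(conn, product_id):
    """Defence in depth: reject anything that is not an integer id before a query
    is built at all, then run the parameterized lookup with the parsed integer."""
    if not isinstance(product_id, str) or not product_id.isdigit():
        raise ValueError("product id must be a positive integer")
    return lookup_parameterized(conn, int(product_id))


if __name__ == "__main__":
    db = open_db()
    for value in ("123", "123 OR 1 = 1"):
        print("concatenated :", repr(value), "->", lookup_vulnerable(db, value))
        print("parameterized:", repr(value), "->", lookup_parameterized(db, value))
```

Running the script shows the legitimate id returning one product in both variants, while the modified id from the post returns every product through the concatenated query and nothing through the parameterized one, because the whole string is compared as a value against Product_id. The extra `isdigit` check in lookup_safe is there so that malformed ids are rejected with a clear error at the application boundary instead of silently matching no rows.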
At Brightest we are investing a lot in our security solution. We strongly believe we can deliver better quality if the vulnerabilities of the application are also tested and secured. If you want to know more about this topic, please contact us or register for our training on web application security on 29/10.
Written by Stef Geeurickx, Domain Lead & Regional Manager.