Web Applications Vulnerabilities and Threats

The most commonly encountered web application vulnerabilities in 2019 involved Security Misconfiguration. One out of every five tested applications contained vulnerabilities that allow attackers to target a user session, such as sensitive cookies set without the HttpOnly and Secure flags. Attackers can use such flaws to perform Cross-Site Scripting (XSS) in order to capture the user’s session identifier and impersonate the user in the application.

Broken Authentication was found in 45 percent of web applications. Almost a third of such vulnerabilities consist of a failure to properly restrict the number of authentication attempts. An attacker can exploit this to brute-force credentials and access the web application. For instance, one of the applications could be accessed with administrator rights after only 100 attempts.
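The control whose absence is described above, as an added example (not taken from the report): a sliding-window limit on failed logins, run against a constructed sequence of 100 wrong guesses. The policy of 5 failures per 15 minutes, the names LoginThrottle, attempt_login and simulate_guessing, and the account, password and address are all assumptions made for illustration.

```python
import hmac
import time
from collections import deque

class LoginThrottle:
    """Sliding-window limit on failed logins, keyed per account and per client address."""
    def __init__(self, max_failures=5, window=900, clock=time.monotonic):
        self.max_failures, self.window, self.clock = max_failures, window, clock
        self.failures = {}                      # key -> deque of failure timestamps
    def _recent(self, key):
        q = self.failures.get(key, deque())
        while q and q[0] <= self.clock() - self.window:
            q.popleft()                         # forget failures older than the window
        return len(q)
    def blocked(self, account, client):
        keys = (("acct", account.lower()), ("addr", client))
        return any(self._recent(k) >= self.max_failures for k in keys)
    def record_failure(self, account, client):
        for key in (("acct", account.lower()), ("addr", client)):
            self.failures.setdefault(key, deque()).append(self.clock())
    def record_success(self, account):
        # Clear the account counter only, so a login cannot reset the address limit.
        self.failures.pop(("acct", account.lower()), None)

def attempt_login(throttle, verify, account, password, client):
    """Return 'throttled', 'ok' or 'denied'. verify() is never called while throttled."""
    if throttle.blocked(account, client):
        return "throttled"
    if verify(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, client)
    return "denied"

def simulate_guessing(guesses=100):
    """Constructed run: one client sends `guesses` wrong passwords for 'admin'."""
    now = [0.0]                                 # fake clock, one guess per second
    checked = []                                # passwords that reached the verifier
    def verify(account, password):              # stand-in for a real password-hash check
        checked.append(password)
        return account == "admin" and hmac.compare_digest(password, "constructed-secret")
    throttle = LoginThrottle(clock=lambda: now[0])
    results = []
    for i in range(guesses):
        results.append(attempt_login(throttle, verify, "admin", f"guess{i}", "203.0.113.7"))
        now[0] += 1.0
    now[0] += 900                               # let the window expire
    after = attempt_login(throttle, verify, "admin", "constructed-secret", "203.0.113.7")
    return len(checked) - 1, results.count("throttled"), after
```

Of the 100 guesses only 5 reach the password check; the other 95 are rejected before verification, and the legitimate login succeeds once the window has passed. Because per-account blocking can also be used to lock a real user out, it is commonly paired with per-address limits, as here, or with progressive delays.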

