OWASP Top Ten: 2021 Edition
<!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" /> <meta name='robots' content='index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1' /> <!-- This site is optimized with the Yoast SEO Premium plugin v23.8 (Yoast SEO v23.8) - https://yoast.com/wordpress/plugins/seo/ --> <title>OWASP Top Ten: 2021 Edition</title> <meta name="description" content="The OWASP Top Ten List has been updated this year! We outline the changes and what this means for website security best practices" /> <link rel="canonical" href="https://sucuri.net/guides/owasp_top_10_2021_edition/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="OWASP Top Security Risks & Vulnerabilities 2021 Edition" /> <meta property="og:description" content="The OWASP Top Ten List has been updated this year! We outline the changes and what this means for website security best practices" /> <meta property="og:url" content="https://sucuri.net/guides/owasp_top_10_2021_edition/" /> <meta property="og:site_name" content="Sucuri" /> <meta property="article:publisher" content="https://www.facebook.com/SucuriSecurity" /> <meta property="article:modified_time" content="2024-01-02T04:54:19+00:00" /> <meta property="og:image" content="https://sucuri.net/wp-content/uploads/2023/02/2022_Sucuri_Guide_OWASP-Top-10-Security-Risks-Vulnerabilities-2021-Edition.png" /> <meta property="og:image:width" content="2048" /> <meta property="og:image:height" content="962" /> <meta property="og:image:type" content="image/png" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@sucurisecurity" /> <meta name="twitter:label1" content="Est. reading time" /> <meta name="twitter:data1" content="26 minutes" /> <!-- / Yoast SEO Premium plugin. 
--> <link rel='dns-prefetch' href='//cdn.jsdelivr.net' /> <link rel='dns-prefetch' href='//cdnjs.cloudflare.com' /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Feed" href="https://sucuri.net/feed/" /> <link rel="alternate" type="application/rss+xml" title="Sucuri » Comments Feed" href="https://sucuri.net/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/sucuri.net\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.6.2"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return 
e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link 
rel='stylesheet' id='wp-components-css' href='https://sucuri.net/wp-includes/css/dist/components/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-preferences-css' href='https://sucuri.net/wp-includes/css/dist/preferences/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-block-editor-css' href='https://sucuri.net/wp-includes/css/dist/block-editor/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-reusable-blocks-css' href='https://sucuri.net/wp-includes/css/dist/reusable-blocks/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-patterns-css' href='https://sucuri.net/wp-includes/css/dist/patterns/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='wp-editor-css' href='https://sucuri.net/wp-includes/css/dist/editor/style.min.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuri_framework-cgb-style-css-css' href='https://sucuri.net/wp-content/mu-plugins/sucuri-framework/dist/blocks.style.build.css?ver=1645707241' type='text/css' media='all' /> <style id='classic-theme-styles-inline-css' type='text/css'> /*! 
This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #fff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--color--green: #12A94B;--wp--preset--color--secondary-green: #41BA6E;--wp--preset--color--tertiary-green: #94D8AD;--wp--preset--color--blue: #2188AB;--wp--preset--color--secondary-blue: #6EB1C8;--wp--preset--color--tertiary-blue: #9AC9D8;--wp--preset--color--teal: #2D7A6D;--wp--preset--color--secondary-teal: #76A8A0;--wp--preset--color--tertiary-teal: A0C3BD;--wp--preset--color--darkblue: #0E406A;--wp--preset--color--secondary-darkblue: #61829D;--wp--preset--color--tertiary-dark-blue: #91A8BB;--wp--preset--color--red: #EA3232;--wp--preset--color--secondary-red: #F17070;--wp--preset--color--tertiary-red: #F5A2A2;--wp--preset--color--yellow: #F6DA23;--wp--preset--color--secondary-yellow: #F9E66F;--wp--preset--color--tertiary-yellow: #FAEE9B;--wp--preset--color--gray: #5D5D5D;--wp--preset--color--secondary-gray: 
#959595;--wp--preset--color--tertiary-gray: #B5B5B5;--wp--preset--color--form-gray: #D3D3D3;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 
5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) 
!important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) 
!important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) 
!important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='slick-css-css' href='https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-style-css' href='https://sucuri.net/wp-content/themes/sucuriwp/style.css?ver=6.6.2' type='text/css' media='all' /> <link rel='stylesheet' id='sucuriwp-theme-css' href='https://sucuri.net/wp-content/themes/sucuriwp/css/style.css?ver=1731466407' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-frontend-css' href='https://sucuri.net/wp-content/uploads/elementor/css/custom-frontend.min.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='widget-image-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-image.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-nav-menu-css' href='https://sucuri.net/wp-content/uploads/elementor/css/custom-pro-widget-nav-menu.min.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='swiper-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6' type='text/css' media='all' /> <link rel='stylesheet' id='e-swiper-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/conditionals/e-swiper.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-8778-css' 
href='https://sucuri.net/wp-content/uploads/elementor/css/post-8778.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='e-popup-style-css' href='https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/conditionals/popup.min.css?ver=3.25.2' type='text/css' media='all' /> <link rel='stylesheet' id='widget-heading-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-heading.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-text-editor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-text-editor.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-spacer-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-spacer.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-menu-anchor-css' href='https://sucuri.net/wp-content/plugins/elementor/assets/css/widget-menu-anchor.min.css?ver=3.25.4' type='text/css' media='all' /> <link rel='stylesheet' id='widget-code-highlight-css' href='https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/widget-code-highlight.min.css?ver=3.25.2' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-9238-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-9238.css?ver=1731961808' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10522-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10522.css?ver=1731961666' type='text/css' media='all' /> <link rel='stylesheet' id='elementor-post-10539-css' href='https://sucuri.net/wp-content/uploads/elementor/css/post-10539.css?ver=1731961065' type='text/css' media='all' /> <link rel='stylesheet' id='google-fonts-1-css' 
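href='https://fonts.googleapis.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CTitillium+Web%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=swap&ver=6.6.2' type='text/css' media='all' />
<link rel="preconnect" href="https://fonts.gstatic.com/" crossorigin>
<script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery.min.js?ver=3.7.1" id="jquery-core-js"></script>
<script type="text/javascript" src="https://sucuri.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1" id="jquery-migrate-js"></script>
<link rel="https://api.w.org/" href="https://sucuri.net/wp-json/" />
<link rel="alternate" title="JSON" type="application/json" href="https://sucuri.net/wp-json/wp/v2/guides/9238" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://sucuri.net/xmlrpc.php?rsd" />
<link rel='shortlink' href='https://sucuri.net/?p=9238' />
<link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Fguides%2Fowasp_top_10_2021_edition%2F" />
<link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://sucuri.net/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fsucuri.net%2Fguides%2Fowasp_top_10_2021_edition%2F&format=xml" />
<!-- Affiliate attribution: persist the "cjevent" query parameter as a 30-day cookie on .sucuri.net. -->
<script>
(function (name, expiry) {
  // The value comes straight from the URL and is written verbatim into
  // document.cookie, so it is accepted only if every character is an
  // RFC 6265 cookie-octet (printable ASCII without space, '"', ',', ';'
  // or '\'). A value that fails the check is dropped instead of written,
  // which stops a ';' in the value from adding attributes to the cookie
  // string. Legitimate values that already pass are stored unchanged.
  var COOKIE_OCTETS = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]+$/;
  var match = new RegExp('[?&]' + name + '=([^&#]*)', 'i').exec(window.location.search);
  var value = match ? match[1] : null;
  if (!value || !COOKIE_OCTETS.test(value)) {
    return; // parameter absent, empty, or not cookie-safe: leave any existing cookie alone
  }
  expiry.setTime(expiry.getTime() + 2592000000); // 30 days in ms, same lifetime as before
  // Secure: the page's canonical URL is HTTPS, so the cookie never needs to
  // travel over plain HTTP. SameSite=Lax: it is set on a top-level landing
  // navigation and only needs to accompany same-site requests afterwards.
  document.cookie = name + '=' + value +
    ';expires=' + expiry.toUTCString() +
    ';domain=.sucuri.net;path=/;Secure;SameSite=Lax';
})('cjevent', new Date());
</script>
<!-- Third-party tag loader with no integrity attribute: a vendor-rotated script cannot be SRI-pinned, so the script-src of the site's CSP (if one is set) is the control that bounds what it may load. -->
<script src="https://tags.tiqcdn.com/utag/gpl/sucuri/prod/utag.sync.js"></script>
<meta name="generator" content="performance-lab 3.5.1; plugins: ">
<meta name="generator" content="Elementor 3.25.4; features: e_font_icon_svg, additional_custom_breakpoints, e_optimized_control_loading; settings: css_print_method-external, google_font-enabled, font_display-swap">
<style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>
<style>
.e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+4):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; }
@media screen and (max-height: 1024px) { .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+3):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } }
@media screen and (max-height: 640px) { .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload), .e-con.e-parent:nth-of-type(n+2):not(.e-lazyloaded):not(.e-no-lazyload) * { background-image: none !important; } }
</style>
<link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-32x32.png" sizes="32x32" />
<link rel="icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-192x192.png" sizes="192x192" />
<link rel="apple-touch-icon" href="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-180x180.png" />
<meta name="msapplication-TileImage" content="https://sucuri.net/wp-content/uploads/2022/02/cropped-Sucuri_FavIcon_512x512-1-270x270.png" />
<style type="text/css" id="wp-custom-css">
a{ color: #028673; }
.sucuri-widget-hero-internal-revamp-section.parent .wrapper{ justify-content: flex-end; }
p.priceText.spacerContentNeg { padding-top: 0px; }
.btn-primary{ color: #fff; background-color: #028673; border-color: #028673; }
.hero-nav{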
z-index: 99 !important; } .cookie-policy-banner p { color: #028673 !important; } #no-underline p a{ text-decoration: none !important; } body, a:visited, p, select, textarea{ font-size: 16px; } .elementor-widget-text-editor ol, .elementor-widget-text-editor ul { margin-left: 0; padding-left: revert; } footer li a:hover{ color: #26ba9e !important; } .elementor-widget-text-editor .elementor-widget-container h1{ font-weight: 700 !important; font-size: 50px !important; line-height: 50px !important; margin-bottom: 50px !important; font-family: "Titillium Web", Sans-serif; } .elementor-widget-text-editor .elementor-widget-container h2{ font-weight: 700 !important; font-size: 25px !important; line-height: 25px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h3{ font-weight: 700 !important; font-size: 23px !important; line-height: 24px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h4{ font-weight: 700; font-size: 20px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h5{ font-weight: 700 !important; font-size: 18px !important; line-height: 23px !important; margin-bottom: 25px !important; } .elementor-widget-text-editor .elementor-widget-container h6{ font-weight: 700 !important; font-size: 16px !important; line-height: 23px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h1{ font-weight: 700 !important; font-size: 64px !important; line-height: 64px !important; margin-bottom: 100px !important; font-family: "Titillium Web", Sans-serif; } .guides-template-default.single.single-guides .elementor-widget-container h2{ font-weight: 700 !important; font-size: 50px !important; line-height: 1 !important; margin-top: 50px !important; margin-bottom: 15px !important; font-family: "Titillium Web", Sans-serif; } 
.guides-template-default.single.single-guides .archive .elementor-widget-container h2{ margin-bottom: 25px !important; } .guides-template-default.single.single-guides .elementor-widget-container h3{ font-weight: 600 !important; font-size: 25px !important; line-height: 25px !important; margin-top: 30px !important; margin-bottom: 10px !important; } .guides-template-default.single.single-guides .elementor-widget-container h4{ font-weight: 500; font-size: 20px; line-height: 24px; margin-top: 25px; } .guides-template-default.single.single-guides .elementor-widget-container h5{ font-weight: 500 !important; font-size: 18px !important; line-height: 23px !important; margin-top: 20px !important; } .guides-template-default.single.single-guides .elementor-widget-container h6{ font-weight: 500 !important; font-size: 16px !important; line-height: 23px !important; margin-top: 15px !important; } .header-b .top-nav-wrapper .nav-bar.ua-lg .u-attack { background-color: #028673; } /*custom css*/ /*hero nav in double line when screen is small*/ .hero-nav__list{ flex-wrap: nowrap } .sucuri-widget-sub-nav.fixed{ top:90px !important; } .responsive-table{ overflow-x: auto; } .table_breakdown{ width: unset; min-width: 1080px; } .home .hero-nav{ top: 90px !important; } .sucuri-widget-table-content .linkContainer{ height: auto !important; } /* .guides-template-default.single.single-guides h1{ font-family: "Titillium Web" !important; font-size: 64px !important; font-weight: 700; margin-bottom: 100px !important; } .guides-template-default.single.single-guides h2{ font-family: "Titillium Web" !important; font-weight: 700 !important; font-size: 25px !important; line-height: 25px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides h3{ font-family: "Open Sans" !important; font-weight: 700 !important; font-size: 23px !important; line-height: 24px !important; margin-bottom: 25px !important; } .guides-template-default.single.single-guides h4{ font-family: "Open 
Sans" !important; font-size: 22px !important; font-weight: 700 !important; margin-bottom: 30px !important; } .guides-template-default.single.single-guides h5{ font-family: "Open Sans" !important; font-size: 21px !important; font-weight: 700 !important; margin-bottom: 20px !important; } .guides-template-default.single.single-guides h6{ font-family: "Open Sans" !important; font-size: 18px !important; font-weight: 400 !important; margin-bottom: 20px !important; } */ .hero-nav__list { padding-left: 10px; } @media (min-width: 1200px){ .v2-subnav { height: auto; } } .v2-subnav { height: auto !important; } .sucuri-widget-sub-nav.fixed{ z-index: 1 !important; } .sucuri-widget-sub-nav ul li a{ font-size: 12px; } .sucuri-widget-card-plans .card-plans-container .card-plans-list #card-plans-list-single.background-important .card-plans-single .absolute-footer .card-sub-button p a{ color: #fff; } .sucuri-widget-brands-banner .sucuri-widget-brands-banner-internal .imgContainer.fiveRow{ padding-left:20px; padding-right:20px; } .sucuri-widget-faq-content h2{ font-weight: 700 !important; } /* chat bubble colors */ .chat-widget-wrapper .phone-banner { background-color: #26ba9e; } .chat-widget-wrapper .chat-widget-container { background-color: #028673; } .chat-widget-wrapper .chat-widget-container .chat-widget-avatar { background-color: #26ba9e; border: 4px solid #26ba9e; } /* footer custom css */ @media (min-width: 1400px) { footer .container { max-width: 1140px; padding: 0; } } .footer-b hr { width: 97%; display: block; margin: 0 auto; margin-top: 3rem; margin-bottom: 1rem; } /* custom css for hero nav menu list */ @media(min-width: 992px){ .header-b .top-nav-wrapper .nav-bar.pro-sol{ margin-left: 3rem; } } @media(min-width: 1400px){ .hero-nav__list{ max-width: 1300px; } .sucuri-widget-sub-nav ul{ max-width: 1300px; } } @media(min-width: 1920px){ .hero-nav__list{ max-width: 1140px; } .sucuri-widget-sub-nav ul{ max-width: 1300px !important; } } .v2-subnav .hero-nav__item a{ 
padding-left: 5px; padding-right: 10px; font-size: 10px; font-weight: 400; } .sucuri-widget-sub-nav ul li a{ font-weight: 400; font-size: 10px !important; padding-right:30px; } @media(min-width: 992px){ .v2-subnav .hero-nav__item a{ padding-left: 20px; } } @media(min-width: 1440px){ .v2-subnav .hero-nav__item a{ padding-left: 20px; padding-right: 20px; font-size: 12px; } .sucuri-widget-sub-nav ul li a{ font-size: 12px !important; } } @media(min-width: 1920px){ .v2-subnav .hero-nav__item a{ padding-left: 0px; } .sucuri-widget-sub-nav ul li a{ padding-left: 0 !important; } } /* custom css for nav content */ .elementor-widget.elementor-widget-text-editor a{ text-decoration: none !important; } .elementor-widget.elementor-widget-text-editor h4{ font-weight: 700; } .sucuri-widget-nav-content ul li a{ padding: 20px 12px !important; font-size: 14px; } /* cards */ .archive.post-type-archive .elementor-post__card .elementor-post__title{ font-size: 20px !important; } .archive.post-type-archive .elementor-post__card .elementor-post__title{ margin-top: 0px !important; } .archive.post-type-archive .elementor-post__card .elementor-post__title a{ font-size: 20px !important; line-height: 1.4 !important; } /* FAQ CONTENT */ .sucuri-widget-faq-content .faq-content-single p span{ display:block; padding-left:20px; } .sucuri-widget-faq-content .faq-content-single p span:first-child{ padding-top:10px } .sucuri-widget-faq-content .faq-content-single > ul > li input[type=checkbox]{ height: auto !important; } .sucuri-widget-faq-content .faq-content-single h4{ font-size: 18px !important; margin-top: 0px !important; margin-bottom: 0px !important; font-weight: 700 !important; } pre code{ padding: 0px; } article.post{ box-shadow: 0 0 10px 0 rgba(0,0,0,.15); border-radius: 8px; overflow: hidden; } article.post .post-content{ padding: 20px; } article.post .post-content .post-title{ color: #028673; font-family: "Titillium Web", Sans-serif; font-size: 20px; font-weight: 700; } 
.container-grid-layout{ display: flex; grid-template-columns: repeat(3, 1fr); grid-template-rows: repeat(auto-fit, minmax(200px, 1fr)); grid-auto-rows: 200px; grid-auto-flow: row dense; grid-gap: 14px; /* padding: 10px; */ box-sizing: border-box; padding-right: 15px; grid-template-rows: 160px 170px 0px; flex-direction: column; } .container-grid-layout .frame-1x1{ grid-column: span 1; grid-row: span 1; } .container-grid-layout .frame-1x2{ grid-column: span 1; grid-row: span 2; } .container-grid-layout .frame-2x1 { grid-column: span 2; grid-row: span 2; } @media(min-width: 768px){ .container-grid-layout{ display: grid; grid-template-columns: repeat(3, 1fr); grid-template-rows: repeat(auto-fit, minmax(200px, 1fr)); grid-auto-rows:200px; grid-auto-flow:row dense; grid-gap: 14px; /* padding: 10px; */ box-sizing:border-box; padding-right: 15px; grid-template-rows: 107px 113px 0px; flex-direction: column; } } @media(min-width: 992px){ .container-grid-layout{ grid-template-rows: 145px 145px 0px; } } @media(min-width: 1440px){ .container-grid-layout{ grid-template-rows: 160px 170px 0px; } } .container-grid-third{ display: flex; grid-template-columns: 1fr; place-items: start; padding: 0px; padding-right: 10px; grid-template-columns: 1fr 1fr 1fr; grid-gap: 8px; margin-bottom: 10px; flex-direction: column; flex-wrap: nowrap; align-content: center; } .container-grid-third .post{ width: calc(100% - 5px); position: relative; height: 0; width: calc(100% - 5px); position: relative; background-repeat: no-repeat; background-position: 50% 50%; background-size: cover; display: flex; flex-direction: column; justify-content: space-between; } .container-grid-third .frame-1x1{ padding-bottom: calc(48% - 5px); grid-row: span 2 / auto; } .container-grid-third .frame-1x2{ padding-bottom: calc(130% - 5px); grid-row: span 3 / auto; } @media(min-width: 768px){ .container-grid-third{ display: grid; grid-template-columns: 1fr; place-items: start; padding: 0px; padding-right: 10px; 
grid-template-columns: 1fr 1fr 1fr; grid-gap: 8px; margin-bottom: 10px; } .container-grid-third .frame-1x1{ padding-bottom: calc(48% - 5px); } .container-grid-third .frame-1x2{ padding-bottom: calc(250% - 5px); } } @media(min-width: 992px){ .container-grid-third .frame-1x2{ padding-bottom: calc(165% - 5px); } } @media(min-width: 1440px){ .container-grid-third .frame-1x2{ padding-bottom: calc(135% - 5px); } } .shortcodes-custom-container .box{ display: none; } .container-ad{ box-shadow: 0 0 10px 0 rgba(0,0,0,.15); border-radius: 8px; grid-column: span 1; grid-row: span 2; display: flex; flex-direction: column; flex-wrap: nowrap; align-items: center; justify-content: center; background-image: url('https://sucuri.net/wp-content/uploads/2023/07/23-sucuri-content-hub-we-are-here-to-help-bg.png'); background-position: center; background-repeat: no-repeat; background-size: cover; } .container-ad p{ margin-bottom: 0px !important; } .container-ad h2{ margin-top: 0px !important; font-family: "Titillium Web"; font-size: 50px; line-height: 1.2; } .container-ad h2, .container-ad p, .container-ad .link{ text-align: center; color: white; font-weight: 700; } .container-ad .btn{ background: #028673; color: white; margin: 0px 0 20px 0; } .elementor-widget-text-editor strong span { text-decoration: none !important; } select#post-filter-select { padding: 5px 10px; border: 1px solid #F0F1F2; box-shadow: 0 0 10px 0 rgba(0,0,0,.15); min-width: 180px; margin-right: 40px; border-radius: 7px; border-right: 10px solid transparent; } .custom-post-filter a{ background-color: #4F6CB5; color: white; padding: 7.5px 25px; border-radius: 7px; font-size: 16px; font-weight: 500; } .container-grid-third.second-option .frame-1x1{ padding-bottom: calc(82% - 5px); } /* faq section */ .sucuri-widget-faq-content .faq-content-single h4{ margin-top: 0px !important; } .sucuri-widget-faq-content-advanced .faq-content-single h4{ margin-top: 0px !important; } .sucuri-widget-faq-content-advanced 
.faq-content-single > ul > li input[type=checkbox]:checked ~ h4{ margin-top: 0px !important; } .sucuri-widget-faq-content h2{ margin-bottom: 50px !important; } .sucuri-widget-faq-content-advanced h4{ font-size: 25px; } /* table sign up */ .sucuri-widget-new-card-plans .sucuri-widget-platform-static-cards-widget .dropdown-content-table ul li:nth-child(2n+1) table tbody tr td svg{ max-width: 20px; } svg.e-font-icon-svg.e-fas-check-circle{ fill: #028673; } svg.e-font-icon-svg.e-fas-circle { fill: #f2f5f5; } .sucuri-widget-new-card-plans .sucuri-widget-platform-static-cards-widget .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } .sucuri-widget-platform-static .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } .sucuri-widget-platform-dropdown .platform-dropdown-single .dropdown-content-table .table_breakdown tbody tr td:not(:first-child) svg{ max-width: 20px } /* end table sign up */ .sucuri-widget-sub-nav.fixed{ z-index: 98 !important; } .sucuri-widget-hero-revamp-section.parent .wrapper .div2 img{ max-width: 480px; } .sucuri-widget-hero-revamp-section.parent .wrapper .div2{ margin: 0 auto; } @media(min-width: 1440px){ .sucuri-table-plans-security-three-revamp .sucuri-widget-platform-static-cards-widget .dropdown-content-table .shadow { position: absolute; top: 7px; width: 1044px; right: 20px; } } @keyframes marquee { 0% { transform: translateX(0); } 100% { transform: translateX(-50%); } } .marquee { overflow: hidden; background-color: #00BB9F; height: 31px; display: flex; align-items: center; position: relative; } .marquee-content { display: flex; width: max-content; animation: marquee 50s linear infinite; } .marquee-content div { white-space: nowrap; display: flex; align-items: center; margin-right: 20px; /* Extra Styling */ font-size: 17px; font-family: 'Titilium Web', Helvetica, Arial, sans-serif; font-weight: 500; color: #02141B; } .marquee-content div span { font-weight: 700; 
margin:0 4px; } </style> </head> <body class="guides-template-default single single-guides postid-9238 single-format-standard wp-custom-logo elementor-default elementor-kit-8778 elementor-page elementor-page-9238"> <!-- Tealium Universal Tag --><script type="text/javascript">(function(a,b,c,d){a='//tags.tiqcdn.com/utag/gpl/sucuri/prod/utag.js';b=document;c='script';d=b.createElement(c);d.src=a;d.type='text/java'+c;d.async=true;a=b.getElementsByTagName(c)[0];a.parentNode.insertBefore(d,a)})();</script> <div data-elementor-type="header" data-elementor-id="10522" class="elementor elementor-10522 elementor-location-header" data-elementor-post-type="elementor_library"> <section class="elementor-section elementor-top-section elementor-element elementor-element-e6284d1 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="e6284d1" data-element_type="section" data-settings="{"sticky":"top","sticky_on":["desktop","tablet_extra","tablet","mobile"],"sticky_offset":0,"sticky_effects_offset":0,"sticky_anchor_link_offset":0}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-49d7753" data-id="49d7753" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d46c653 elementor-widget elementor-widget-html" data-id="d46c653" data-element_type="widget" data-widget_type="html.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/live-chat/"> <div class="marquee"> <div class="marquee-content"> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your first year, discount on our plans just for black friday, chat now and stay safe</div> <div> <img src="https://sucuri.net/wp-content/uploads/2024/11/Offer.svg" alt="Offer"> </div> <div>Get <span>15%</span>, <span>20%</span> or <span>30%</span> on your 
</p> <a href="/website-security-platform/signup/" style="padding: 0px">Sign up now.</a> </div> <ul> <li><a href="https://support.sucuri.net/support/?new" class="login-link">Submit a ticket</a></li> <li><a href="https://docs.sucuri.net/" class="login-link">Knowledge base</a></li> <li><a href="/live-chat/" class="login-link">Chat now</a></li> </ul> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </section> </div> <div data-elementor-type="wp-post" data-elementor-id="9238" class="elementor elementor-9238" data-elementor-post-type="guides"> <section class="elementor-section elementor-top-section elementor-element elementor-element-aee3bfe elementor-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="aee3bfe" data-element_type="section" data-settings="{"background_background":"gradient","stretch_section":"section-stretched"}"> <div class="elementor-background-overlay"></div> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ef720dd" data-id="ef720dd" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-0413de8 elementor-widget elementor-widget-html" data-id="0413de8" data-element_type="widget" data-widget_type="html.default"> <div class="elementor-widget-container"> <div class="navigation-wrapper d-none d-md-flex"> <ul class="nav nav-inline breadcrumb-list p-0 c-lg-12"> <li class="nav-item"><a href="/" class="nav-link">Home</a></li> <li class="nav-item"><a href="/guides/" class="nav-link">Guides</a></li> <li class="nav-item active"><a href="" class="nav-link">OWASP Top 10 Security Risks & Vulnerabilities 2021</a></li> </ul> </div> </div> </div> <div class="elementor-element elementor-element-d83a006 elementor-widget__width-initial elementor-widget elementor-widget-heading" 
data-id="d83a006" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h1 class="elementor-heading-title elementor-size-default">OWASP Top Security Risks & Vulnerabilities 2021</h1> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-a6a4429 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="a6a4429" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-50335f8" data-id="50335f8" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-9d41bed elementor-widget elementor-widget-heading" data-id="9d41bed" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Introduction</h2> </div> </div> <div class="elementor-element elementor-element-c5a4661 elementor-widget elementor-widget-text-editor" data-id="c5a4661" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>When managing a website, it’s important to stay on top of the most critical security risks and vulnerabilities. 
The OWASP Top 10 is a great starting point to bring awareness to the biggest threats to websites in 2021.</p> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-d5aa0b1 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="d5aa0b1" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-1c49e60" data-id="1c49e60" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-151fc29 elementor-widget elementor-widget-spacer" data-id="151fc29" data-element_type="widget" data-widget_type="spacer.default"> <div class="elementor-widget-container"> <div class="elementor-spacer"> <div class="elementor-spacer-inner"></div> </div> </div> </div> </div> </div> </div> </section> <div class="elementor-element elementor-element-6e3ee06 elementor-align-center auto-track elementor-widget elementor-widget-button" data-id="6e3ee06" data-element_type="widget" data-gatrack="Button_Click, OWASP_Top_10_2021_Protect_Your_Site" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-lg" href="https://sucuri.net/website-security-platform/signup/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Protect Your Site From Vulnerabilities</span> </span> </a> </div> </div> </div> </div> </div> <div class="elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-a5e90ee elementor-hidden-mobile" data-id="a5e90ee" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-58e8be8 elementor-widget 
elementor-widget-heading" data-id="58e8be8" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <p class="elementor-heading-title elementor-size-default">Contents</p> </div> </div> <div class="elementor-element elementor-element-539cc11 elementor-widget elementor-widget-table_contents_link" data-id="539cc11" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#broken-access-control">1 - Broken Access Control</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-021fd5a elementor-widget elementor-widget-table_contents_link" data-id="021fd5a" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#cryptographic-failures">2 - Cryptographic Failures</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-ff7df55 elementor-widget elementor-widget-table_contents_link" data-id="ff7df55" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#injection">3 - Injection</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-cff7946 elementor-widget elementor-widget-table_contents_link" data-id="cff7946" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#insecure-design">4 - Insecure Design</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-8e665b7 elementor-widget 
elementor-widget-table_contents_link" data-id="8e665b7" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#security-misconfigurations">5 - Security Misconfigurations</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-6c0a305 elementor-widget elementor-widget-table_contents_link" data-id="6c0a305" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#vulnerable-and-outdated-components">6 - Vulnerable and Outdated Components</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-25cea79 elementor-widget elementor-widget-table_contents_link" data-id="25cea79" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#identification-authentication-failures">7 - Identification and Authentication Failures</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-6d1f372 elementor-widget elementor-widget-table_contents_link" data-id="6d1f372" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#software-data-integrity-failures">8 - Software and Data Integrity Failures</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-3f4b842 elementor-widget elementor-widget-table_contents_link" data-id="3f4b842" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div 
class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#security-logging-monitoring-failures">9 - Security Logging & Monitoring Failures</a> </div> </div> </div> </div> <div class="elementor-element elementor-element-f7b5620 elementor-widget elementor-widget-table_contents_link" data-id="f7b5620" data-element_type="widget" data-widget_type="table_contents_link.default"> <div class="elementor-widget-container"> <div class="sucuri-widget-table-content"> <div class="linkContainer"> <a class="tabContentLink" href="#server-side-request-forgery">10 - Server-Side Request Forgery</a> </div> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-927b256 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="927b256" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f2f6ac8" data-id="f2f6ac8" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-8b90add elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="8b90add" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-24dd10b" data-id="24dd10b" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-09e5414 elementor-widget elementor-widget-heading" data-id="09e5414" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title 
elementor-size-default">What is OWASP?</h2> </div> </div> <div class="elementor-element elementor-element-f8f6f3a elementor-widget elementor-widget-text-editor" data-id="f8f6f3a" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.</p> </div> </div> <div class="elementor-element elementor-element-67aadf2 elementor-widget elementor-widget-heading" data-id="67aadf2" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">What is the OWASP Top Ten?</h2> </div> </div> <div class="elementor-element elementor-element-0c5fd52 elementor-widget elementor-widget-text-editor" data-id="0c5fd52" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>OWASP Top Ten is the list of the 10 most common application vulnerabilities. It also shows their risks, impacts, and countermeasures. Updated every three to four years, the latest <a href="https://owasp.org/www-project-top-ten/">OWASP vulnerabilities list</a> was released September 24, 2021. 
Let’s dive into some of the changes!</p> </div> </div> <div class="elementor-element elementor-element-2ae85a8 elementor-widget elementor-widget-image" data-id="2ae85a8" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <img fetchpriority="high" decoding="async" width="936" height="258" src="https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-OWASP-Top-Security-Risks-Vulnerabilities-TopTen-1.png" class="attachment-large size-large wp-image-9241" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-OWASP-Top-Security-Risks-Vulnerabilities-TopTen-1.png 936w, https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-OWASP-Top-Security-Risks-Vulnerabilities-TopTen-1-300x83.png 300w, https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-OWASP-Top-Security-Risks-Vulnerabilities-TopTen-1-768x212.png 768w" sizes="(max-width: 936px) 100vw, 936px" /> </div> </div> <div class="elementor-element elementor-element-eef3f99 elementor-widget elementor-widget-text-editor" data-id="eef3f99" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p style="text-align: center;">Image credit to <a href="https://owasp.org/www-project-top-ten/">OWASP</a></p><p> </p><h4>The Top 10 OWASP vulnerabilities in 2021 are:</h4><ol><li>Broken Access Control</li><li>Cryptographic Failures</li><li>Injection</li><li>Insecure Design</li><li>Security Misconfiguration</li><li>Vulnerable and Outdated Components</li><li>Identification and Authentication Failures</li><li>Software and Data Integrity Failures</li><li>Security Logging and Monitoring Failures</li><li>Server-Side Request Forgery</li></ol> </div> </div> <div class="elementor-element elementor-element-9441d95 elementor-widget elementor-widget-menu-anchor" data-id="9441d95" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div 
class="elementor-menu-anchor" id="broken-access-control"></div> </div> </div> <div class="elementor-element elementor-element-582ab73 elementor-widget elementor-widget-heading" data-id="582ab73" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">1</h2> </div> </div> </div> </div> </div> </section> <div class="elementor-element elementor-element-dd80a4d elementor-widget elementor-widget-heading" data-id="dd80a4d" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Broken Access Control</h2> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-518301a elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="518301a" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-9d21382" data-id="9d21382" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-c855cc0 elementor-widget elementor-widget-text-editor" data-id="c855cc0" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Broken Access Control moved up from the fifth most severe risk in 2017 to the top risk in 2021. 
There were more instances of Common Weakness Enumeration (CWE) entries mapped to this category than to any other.</p><p><strong>Here are some examples of what we consider to be “access”:</strong></p><ul><li>Access to a hosting control / administrative panel</li><li>Access to a server via FTP / SFTP / SSH</li><li>Access to a website’s administrative panel</li><li>Access to other applications on your server</li><li>Access to a database</li></ul><p><strong>Attackers can exploit authorization flaws to accomplish the following:</strong></p><ul><li>Access unauthorized functionality and/or data</li><li>View sensitive files</li><li>Change access rights</li><li>Edit files and records</li></ul><h3>What Are the Risks of Broken Access Control?</h3><p>Here are a few examples provided by OWASP of what can happen when there is broken access control:</p><ul><li><strong>Scenario #1:</strong> The website is using a <a href="https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html">vulnerable</a> version of WordPress, 4.7.1. One of the REST endpoints allows access (via the API) to view, edit, delete and create posts. Within this particular endpoint, a subtle bug allows <strong>unauthenticated visitors to edit any post on the site</strong>.</li></ul><p style="padding-left: 40px;">This makes it possible for an attacker to send a request like: <strong>/wp-json/wp/v2/posts/1234?id=12345helloworld</strong> which would assign <strong>12345helloworld</strong> to the <strong>ID</strong> parameter – which now contains more than just digits.</p><ul><li><strong>Scenario #2:</strong> An attacker simply force-browses to target URLs. Admin rights are required for access to the admin page. http://example.com/app/getappInfo</li></ul><p style="padding-left: 40px;">Developers are going to be more familiar with the above scenarios, but remember that broken access control vulnerabilities can be expressed in many forms through almost every web technology out there. 
It all depends on what you use on your website.</p><h3>Reducing the Risks of Broken Access Control</h3><p>There are things you can do to reduce the risks of broken access control:</p><ul><li>Employ <a href="https://blog.sucuri.net/2017/04/the-principle-of-least-privilege.html">least privileged concepts</a> – apply a role appropriate to the task and only for the amount of time necessary to complete said task.</li><li>Get rid of accounts you don’t need or whose user no longer requires access.</li><li>Audit your servers and websites – who is doing what, when, and why.</li><li>If possible, apply multi-factor authentication (MFA) to all your access points.</li><li>Disable access points until they are needed in order to reduce your access windows</li><li>Remove unnecessary services from your server.</li><li>Check applications that are externally accessible versus applications that are tied to your network.</li><li>If you are developing a website, bear in mind that a production box should not be the place to develop, test, or push updates without testing.</li></ul><h3>Broken Access Control Prevention</h3><p>To avoid broken access control you should develop and configure software with a security-first philosophy. 
It is important to work with a developer to make sure there are security requirements in place.<br />The technical recommendations by OWASP to prevent broken access control are:</p><ul><li>With the exception of public resources, deny by default.</li><li>Implement access control mechanisms once and reuse them throughout the application, including minimizing CORS usage.</li><li>Model access controls should enforce record ownership, rather than accepting that the user can create, read, update, or delete any record.</li></ul><p style="padding-left: 40px;">Note: For example, if a user logs in as “John,” he could only create, read, update or delete records associated with the ID of “John,” never the data from other users.</p><ul><li>Unique application business limit requirements should be enforced by domain models.</li><li>Disable web server directory listing and ensure file metadata (e.g. .git) and backup files are not present within web roots and are not publicly accessible.</li><li>Log access control failures, alert admins when appropriate (e.g. 
repeated failures).</li><li>Rate limit API and controller access to minimize the harm from automated attacks.</li><li>JWT tokens should be invalidated on the server after logout.</li><li>Developers and QA staff should include functional access control unit and integration tests.</li></ul> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-d33069f elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="d33069f" data-element_type="section" data-settings="{&quot;background_background&quot;:&quot;gradient&quot;}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-9d92515" data-id="9d92515" data-element_type="column" data-settings="{&quot;background_background&quot;:&quot;classic&quot;}"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-7c17f26 elementor-widget elementor-widget-heading" data-id="7c17f26" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Did you know?</h2> </div> </div> <div class="elementor-element elementor-element-67cedf0 elementor-widget elementor-widget-text-editor" data-id="67cedf0" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p style="text-align: center;">The Sucuri Firewall can help block attacks and virtually patch known website vulnerabilities.</p> </div> </div> <div class="elementor-element elementor-element-9e347d0 elementor-align-center elementor-mobile-align-left elementor-widget elementor-widget-button" data-id="9e347d0" data-element_type="widget" data-gatrack="Button_Click, OWASP_Top_10_2021_Learn_More" data-widget_type="button.default"> <div 
class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-md" href="https://sucuri.net/website-firewall/signup/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Learn More</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-16565b8 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="16565b8" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-274ac8f" data-id="274ac8f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-037f1e6 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="037f1e6" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-4b679ad" data-id="4b679ad" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-8cab27b elementor-widget elementor-widget-menu-anchor" data-id="8cab27b" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="cryptographic-failures"></div> </div> </div> <div class="elementor-element elementor-element-ce25710 elementor-widget elementor-widget-heading" data-id="ce25710" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title 
elementor-size-default">2</h2> </div> </div> </div> </div> </div> </section> <div class="elementor-element elementor-element-cda0d89 elementor-widget elementor-widget-heading" data-id="cda0d89" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Cryptographic Failures</h2> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-dbe84c2 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="dbe84c2" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7b950b4" data-id="7b950b4" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-5344bde elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="5344bde" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-cb244bc" data-id="cb244bc" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-8fd9382 elementor-widget elementor-widget-text-editor" data-id="8fd9382" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Previously known as “Sensitive Data Exposure”, it was renamed to better reflect the root cause of the issue. It moves up from number three to runner-up in widespread vulnerabilities on the OWASP list. 
It consists of a failure to protect sensitive data that should not have been publicly accessible.</p><h3>Examples of Cryptographic Failures</h3><p>Sensitive data that requires protection includes:</p><ul><li>Credentials</li><li>Credit card numbers</li><li>Social Security numbers</li><li>Medical information</li><li>Personally identifiable information (PII)</li><li>Other personal information</li></ul><p> </p><p>It is vital for any organization to understand the importance of protecting users’ information and privacy. All companies should understand and comply with their local privacy laws as well as those of any region where they conduct business.</p><p>Responsible sensitive data collection and handling has become more noticeable, especially with the advent of the General Data Protection Regulation (GDPR). <a href="https://gdpr.eu/">GDPR</a> is a fairly recent data privacy law that went into effect May 25, 2018. It mandates how companies collect, modify, process, store, delete and use personal data originating in the European Union for both residents and visitors.</p><p>There are two types of data:</p><ul><li>Stored data – data at rest</li><li>Transmitted data – data that is transmitted internally between servers, or to web browsers</li></ul><h3>Protecting Data in Transit</h3><p>Both types of data should be protected. When considering data in transit, one way to protect it on a website is by having an <a href="https://blog.sucuri.net/2021/10/ssl-within-the-context-of-website-security.html">SSL certificate</a>.</p><p>SSL is the acronym for <strong>Secure Sockets Layer</strong>, the predecessor of TLS (Transport Layer Security); the name “SSL certificate” has stuck even though the SSL protocol versions themselves are deprecated and modern sites negotiate TLS. It is the standard security technology for establishing an encrypted link between a web server and a browser. 
SSL certificates help <strong>protect the confidentiality and integrity of the data in transit</strong> between the host (web server or firewall) and the client (web browser).</p><p>We have created a DIY guide to help every website owner learn how to install an <a href="https://sucuri.net/guides/how-to-install-ssl-certificate/">SSL certificate</a>.</p><h3>What Are the Risks of Cryptographic Failure?</h3><p>OWASP provides a few examples of what can happen when sensitive data is exposed:</p><ul><li><strong>Scenario #1:</strong> An application encrypts credit card numbers in a database using automatic database encryption. However, this data is automatically decrypted when retrieved, allowing an SQL injection flaw to retrieve credit card numbers in clear text.</li><li><strong>Scenario #2:</strong> A site doesn’t use or enforce TLS for all pages or supports weak encryption. An attacker monitors network traffic (e.g. at an insecure wireless network), downgrades connections from HTTPS to HTTP, intercepts requests, and <a href="https://blog.sucuri.net/2017/05/fake-wordprssapi-stealing-cookies-and-hijacking-sessions.html">steals the user’s session cookie</a>. The attacker then replays this cookie and hijacks the user’s (authenticated) session, accessing or modifying the user’s private data. Instead of the above, they could alter all transported data, e.g. the recipient of a money transfer.</li><li><strong>Scenario #3:</strong> The password database uses unsalted or simple hashes to store everyone’s passwords. A file upload flaw allows an attacker to retrieve the password database. All the unsalted hashes can be exposed with a rainbow table of pre-calculated hashes. Hashes generated by simple or fast hash functions may be cracked by GPUs, even if they were salted. 
</li></ul><h3>Why is Cryptographic Failure so common?</h3><p>Over the last few years, <a href="https://blog.sucuri.net/2021/11/7-audacious-hacks-what-we-can-learn-from-them.html">sensitive data exposure</a> has been one of the most common attacks around the world. Some examples of data leaks that exposed sensitive data include:</p><ul><li>The Equifax data breach of 2017 resulted in the compromise of personal information of nearly 150 million Americans, over 15 million British citizens and almost 20,000 Canadians. In a resulting lawsuit the firm was ordered to pay over half a billion dollars in fines/payouts. One law firm launched the largest class action lawsuit in US history against Equifax seeking up to $70 billion USD in damages.</li><li>In June of 2021 LinkedIn reported that information from 90% of its user base was compromised and posted on the dark web. Fortunately no sensitive personal information was compromised, but the leaked details included things like email addresses, phone numbers and geolocation data (certainly enough to aid hackers in spear phishing campaigns).</li><li>Clocking in as the most severe data breach of all time: Yahoo! reported that years prior their entire 3-billion-strong user base had been compromised. Specific details of material taken include names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords. The company was in the middle of being acquired by Verizon at the time and the reported breach cost Yahoo! $350 million USD, not including a litany of class action lawsuits launched against the company.</li></ul><p> </p><p>Unencrypted sensitive data is the main reason these attacks are so widespread. 
However, even if data is encrypted, it can still be broken due to weak areas like:</p><ul><li>Key generation process</li><li>Key management process</li><li>Algorithm usage</li><li>Protocol usage</li><li>Cipher usage</li><li>Password hashing storage techniques</li></ul><p> </p><p>This vulnerability is difficult to exploit; however, the consequences of a successful attack are profound. If you want to learn more about such impacts, we have written a blog post on the <a href="https://blog.sucuri.net/2018/05/the-impacts-of-a-data-breach.html">Impacts of a Security Breach</a>.</p><h3>How to Prevent Data Exposure</h3><p>Some of the ways to prevent data exposure, according to OWASP, are:</p><ul><li>Classify the data processed, stored, or transmitted by an application.</li><li>Identify what data is sensitive according to privacy laws, regulatory requirements, or business needs.</li><li>Apply controls as per the classification.</li><li>Don’t store sensitive data unnecessarily.</li><li>Discard sensitive data as soon as possible or use PCI DSS compliant tokenization or truncation. 
<strong>Remember: data that is not retained cannot be stolen</strong>.</li><li>Make sure to encrypt all sensitive data at rest.</li><li>Ensure that up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.</li><li>Encrypt all data in transit with secure protocols such as TLS with perfect forward secrecy (PFS) ciphers, cipher prioritization by the server, and secure parameters.</li><li>Enforce encryption using directives like HTTP Strict Transport Security (HSTS).</li><li>Disable caching for responses that contain sensitive data.</li><li>Store passwords using strong adaptive and salted hashing functions with a work factor (delay factor), such as Argon2, scrypt, bcrypt, or PBKDF2.</li><li>Verify independently the effectiveness of configuration and settings.</li></ul> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-f58ea4a elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="f58ea4a" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-11678f9" data-id="11678f9" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d42d6b5 elementor-widget elementor-widget-menu-anchor" data-id="d42d6b5" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="injection"></div> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-2dd6333 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="2dd6333" data-element_type="section"> <div 
class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-b1af37f" data-id="b1af37f" data-element_type="column" data-settings="{"background_background":"classic"}"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-d2857a9 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="d2857a9" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-inner-column elementor-element elementor-element-ce068b5" data-id="ce068b5" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-2233047 elementor-widget elementor-widget-heading" data-id="2233047" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">3</h2> </div> </div> </div> </div> </div> </section> <div class="elementor-element elementor-element-b50d98b elementor-widget elementor-widget-heading" data-id="b50d98b" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Injection</h2> </div> </div> <div class="elementor-element elementor-element-227be16 elementor-widget elementor-widget-text-editor" data-id="227be16" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>A code injection happens when an attacker sends invalid data to the web application with the intention of making it do something that the application is not designed/programmed to do.</p><p>Perhaps the most common example around this security vulnerability is 
the <strong>SQL query consuming untrusted data</strong>. You can see one of OWASP’s examples below:</p> </div> </div> <div class="elementor-element elementor-element-c06e671 elementor-widget elementor-widget-code-highlight" data-id="c06e671" data-element_type="widget" data-widget_type="code-highlight.default"> <div class="elementor-widget-container"> <div class="prismjs-default copy-to-clipboard "> <pre data-line="" class="highlight-height language-sql "> <code readonly="true" class="language-sql"> <xmp>String query = “SELECT * FROM accounts WHERE custID = ‘” + request.getParameter(“id”) + “‘”;</xmp> </code> </pre> </div> </div> </div> <div class="elementor-element elementor-element-91f4290 elementor-widget elementor-widget-text-editor" data-id="91f4290" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>This query can be exploited by requesting the page with the following URL: https://example.com/app/accountView?id=’ or ‘1’=’1 causing the return of all the rows stored in the database table.</p><p>The core of a code injection vulnerability is the lack of validation and sanitization of the data used by the web application before it is passed to an interpreter, which means that this vulnerability can be present on almost any type of technology related to websites.</p><p>Anything that accepts parameters as input can be vulnerable to a code injection attack.</p><p>We’ve written a lot about <a href="https://blog.sucuri.net/2020/01/malicious-javascript-used-in-wp-site-home-url-redirects.html">code injection attacks</a>. One of the most recent examples was a code injection vulnerability within the very popular Simple 301 Redirects plugin in WordPress. It made it possible for unauthenticated users to inject code that would redirect all website traffic to a malicious domain of the attacker’s choosing. 
The vulnerability affected over 300,000 websites and was ranked as a 9.9 on the CVSS scale.</p><h3>How Do You Prevent Code Injection Vulnerabilities?</h3><p>Preventing code injection vulnerabilities really depends on the technology you are using on your website. For example, if you use WordPress, you could reduce code injection vulnerabilities by minimizing the number of plugins and themes installed.</p><p>If you have a tailored web application and a dedicated team of developers, you need to make sure to have security requirements your developers can follow when they are designing and writing software. This will allow them to keep thinking about security during the lifecycle of the project.<br />Here are OWASP’s technical recommendations to prevent SQL injections:</p><p><strong>Preventing SQL injections requires keeping data separate from commands and queries.</strong></p><ul><li>The preferred option is to use a safe API, which avoids the use of the interpreter entirely or provides a parameterized interface, or to migrate to Object Relational Mapping tools (ORMs). Note: Even when parameterized, stored procedures can still introduce SQL injection if PL/SQL or T-SQL concatenates queries and data, or executes hostile data with EXECUTE IMMEDIATE or exec().</li><li>Use positive or “allowlist” server-side input validation. This is not a complete defense as many applications require special characters like text areas or APIs for mobile applications.</li><li>For any residual dynamic queries, escape special characters using the specific escape syntax for that interpreter. Note: SQL structure such as table names and column names cannot be escaped, and thus user-supplied structure names are dangerous. 
This is a common issue in report-writing software.</li><li>Use LIMIT and other SQL controls within queries to prevent mass disclosure of records in case of SQL injection.</li></ul><p> </p><p><strong>From these recommendations you can conclude two things:</strong></p><ul><li>Separation of data from the web application logic.</li><li>Implement settings and/or restrictions to limit data exposure in case of successful injection attacks.</li></ul><p> </p><p>Without appropriate measures in place, code injections represent a serious risk to website owners. These attacks leverage security loopholes for a hostile takeover or the leaking of confidential information.</p> </div> </div> <div class="elementor-element elementor-element-987bc92 elementor-widget elementor-widget-menu-anchor" data-id="987bc92" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="insecure-design"></div> </div> </div> <div class="elementor-element elementor-element-1389c30 elementor-widget elementor-widget-heading" data-id="1389c30" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">4</h2> </div> </div> <div class="elementor-element elementor-element-25e6222 elementor-widget elementor-widget-heading" data-id="25e6222" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Insecure Design</h2> </div> </div> <div class="elementor-element elementor-element-1b3e505 elementor-widget elementor-widget-text-editor" data-id="1b3e505" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>A new addition to the OWASP Top Ten, clocking in at number four on the list, is insecure design. 
This focuses on the ground-up development of web applications from the very beginning of their life cycle. This is not to be confused with insecure implementation of web applications or policies. One can have a secure design and insecure implementation but not the other way around. It is, essentially, the omission of security protocols and methods from the initial development of a web application, as well as the failure to take into account risks and attack vectors during the planning, development, and implementation of a web application.</p><h3>What Are the Risks of Insecure Design?</h3><p>Software developers have a responsibility to write secure applications that do not put their users at risk. Applications that were not developed with security in mind from the very beginning are more likely to put user data and security at risk, and require updates, patches, and fixes to prevent these risks. Applications without secure design are low-hanging fruit for attackers and can cause incalculable damage in terms of leaked data, tarnished reputations, and paid working-hours of cleanup and future prevention.</p><h3>Examples of Insecure Design</h3><p>Insecure design is unfortunately quite common within web applications. Some examples include:</p><ul><li>Most CMS platforms, including WordPress, do not limit the number of failed logins on the administrator panel. This renders them particularly vulnerable to <a href="https://en.wikipedia.org/wiki/Brute-force_attack">brute force attacks</a> and requires the installation of third-party security extensions to mitigate.</li><li>By default, <a href="https://docs.cpanel.net/ea4/apache/symlink-race-condition-protection/">symlink race condition protection</a> within WHM / cPanel environments is disabled. This allows attackers to move laterally through the network if one website is compromised. 
Symlink protection must be manually enabled by the administrator to prevent this from being exploited.</li><li>Many CMS platforms use a default administrator panel URL. For example, wp-admin in WordPress and administrator in Joomla. This (especially combined with our first example) renders them even more vulnerable to brute force attacks. Magento2 has taken a step in the correct direction in partially randomising each new website’s administrator panel URL</li><li>Many ecommerce platforms do not contain built in protection from automated bot transactions. This renders them vulnerable to both scalpers buying up tickets or computer components, and attackers testing stolen credit card details on victim websites.</li></ul><h3>How to Prevent Insecure Design</h3><p>To borrow from the <a href="https://owasp.org/Top10/A04_2021-Insecure_Design/">OWASP top ten list</a>:<br />“Secure design is a culture and methodology that constantly evaluates threats and ensures that code is robustly designed and tested to prevent known attack methods”</p><p>By taking security into account from the very bedrock of the development of a web application, many easily preventable risks can be avoided. 
Secure design is neither a ruleset nor a tool; it is a culture, mindset, and methodology.</p><ul><li>Security specialists should be consulted at the beginning of a project and throughout the entire development lifecycle</li><li>Make heavy usage of threat modeling</li><li>Consider potential attack vectors and the level of exposure that your web application will have</li><li>Analyze (and re-analyze) all data flows, particularly ones that resist threat modeling</li><li>Use <a href="https://owaspsamm.org/">SAMM</a> as a guide to development </li></ul> </div> </div> <div class="elementor-element elementor-element-4bc6493 elementor-widget elementor-widget-menu-anchor" data-id="4bc6493" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="security-misconfigurations"></div> </div> </div> <div class="elementor-element elementor-element-c0ad93f elementor-widget elementor-widget-heading" data-id="c0ad93f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">5</h2> </div> </div> <div class="elementor-element elementor-element-6dafdf6 elementor-widget elementor-widget-heading" data-id="6dafdf6" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Security Misconfigurations</h2> </div> </div> <div class="elementor-element elementor-element-eba82c8 elementor-widget elementor-widget-text-editor" data-id="eba82c8" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>This category moves up one notch from the previous top 10 list published in 2017. The previous category for XML External Entities (XXE) has been rolled into this one. 
There is a litany of possible security misconfigurations, but here are the most common:</p><ul><li>Unpatched flaws</li><li>Default configurations</li><li>Unused pages</li><li>Unprotected files and directories</li><li>Unnecessary services</li><li>Usage of vulnerable XML files</li></ul><p> </p><p>One of the most common webmaster flaws is keeping the CMS default configurations.</p><p>Today’s CMS applications (although easy to use) can be tricky from a security perspective for the end users. By far, the most common attacks are entirely automated. Many of these attacks rely on users having only default settings.</p><p>This means that a large number of attacks can be mitigated by changing the default settings when installing a CMS.</p><p>There are settings you may want to adjust to control comments, users, and the visibility of user information. The file permissions are another example of a default setting that can be hardened.</p><h3>Where Can Security Misconfiguration Happen?</h3><p>Misconfiguration can happen at any level of an application stack, including:</p><ul><li>Network services</li><li>Platform</li><li>Web server</li><li>Application server</li><li>Database</li><li>Frameworks</li><li>Custom code</li><li>Pre-installed virtual machines</li><li>Containers</li><li>Storage</li></ul><p> </p><p>One of the most recent examples of application misconfigurations is the <a href="https://blog.sucuri.net/2019/08/largest-ddos-attack.html">memcached servers</a> used to <a href="https://sucuri.net/ddos-protection/">DDoS</a> huge services in the Tech Industry.</p><h3>Examples of Security Misconfiguration Attacks</h3><p>According to OWASP, these are some examples of attack scenarios:</p><ul><li><strong>Scenario #1:</strong> The application server comes with sample applications that are not removed from the production server. These sample applications have known security flaws that attackers use to compromise the server. 
If one of these applications is the admin console and default accounts weren’t changed, the attacker logs in with default passwords and takes over.</li><li><strong>Scenario #2:</strong> Directory listing is not disabled on the server. An attacker discovers they can simply list directories. They find and download the compiled Java classes, which they decompile and reverse engineer to view the code. The attacker then finds a serious access control flaw in the application.</li><li><strong>Scenario #3:</strong> The application server’s configuration allows detailed error messages, e.g. stack traces, to be returned to users. This potentially exposes sensitive information or underlying flaws, such as component versions that are known to be vulnerable.</li><li><strong>Scenario #4:</strong> A cloud service provider has default sharing permissions open to the Internet by other CSP users. This allows stored sensitive data to be accessed within cloud storage.</li></ul><h3>How to Secure Installation Systems</h3><p>To prevent security misconfiguration, use:</p><ul><li>A repeatable hardening process that makes it fast and easy to deploy another environment that is properly locked down. Development, QA, and production environments should all be configured identically, with different credentials used in each environment. Automate this process in order to minimize the effort required to set up a new secure environment.</li><li>A minimal platform without any unnecessary features, components, documentation, and samples. Remove or do not install unused features and frameworks.</li><li>A task to review and update the configurations appropriate to all security notes, updates, and patches as part of the patch management process. 
In particular, review cloud storage permissions.</li><li>A segmented application architecture that provides effective and secure separation between components or tenants, with segmentation, containerization, or cloud security groups.</li><li>Sending security directives to clients, e.g. Security Headers.</li><li>An automated process to verify the effectiveness of the configurations and settings in all environments.</li></ul> </div> </div> <div class="elementor-element elementor-element-7b507bb elementor-widget elementor-widget-menu-anchor" data-id="7b507bb" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="vulnerable-and-outdated-components"></div> </div> </div> <div class="elementor-element elementor-element-fb3644f elementor-widget elementor-widget-heading" data-id="fb3644f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">6</h2> </div> </div> <div class="elementor-element elementor-element-d7f1eb8 elementor-widget elementor-widget-heading" data-id="d7f1eb8" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Vulnerable and Outdated Components</h2> </div> </div> <div class="elementor-element elementor-element-83d2f35 elementor-widget elementor-widget-text-editor" data-id="83d2f35" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Even simple websites such as personal blogs have a lot of dependencies, plugins, extensions and third party code. Failing to update every piece of software on the backend and frontend of a website will introduce heavy security risks sooner rather than later. 
Attackers actively seek out websites using vulnerable components and aggressively exploit them to spread malware, spam and phishing.</p><p>For example, in 2019, 56% of all CMS applications were out of date at the point of infection.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-7fbf384 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="7fbf384" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3ef5633" data-id="3ef5633" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-ba794df elementor-widget elementor-widget-image" data-id="ba794df" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <img decoding="async" width="640" height="392" src="https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-Threat-Report-Out-Of-Date-Cms-Distribution-2019-1-768x470.png" class="attachment-medium_large size-medium_large wp-image-9240" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-Threat-Report-Out-Of-Date-Cms-Distribution-2019-1-768x470.png 768w, https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-Threat-Report-Out-Of-Date-Cms-Distribution-2019-1-300x184.png 300w, https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-Threat-Report-Out-Of-Date-Cms-Distribution-2019-1-1024x626.png 1024w, https://sucuri.net/wp-content/uploads/2023/02/22-Sucuri-Guide-Threat-Report-Out-Of-Date-Cms-Distribution-2019-1.png 1200w" sizes="(max-width: 640px) 100vw, 640px" /> </div> </div> <div class="elementor-element elementor-element-44f5458 elementor-widget elementor-widget-text-editor" data-id="44f5458" data-element_type="widget" 
data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>The question is, why isn’t software being updated on time? Why is this still such a huge problem today?</p><p>There are some possibilities, such as:</p><ul><li>Webmasters/developers cannot keep up with the pace of the updates; after all, updating properly takes time.</li><li>Legacy code won’t work on newer versions of its dependencies.</li><li>Webmasters are scared that something will break on their website.</li><li>Webmasters don’t have the expertise to properly apply the update.</li></ul><p> </p><p>This might sound dramatic, but every time you disregard an update warning you might be allowing a now known vulnerability to survive in your system. Trust us, cybercriminals are quick to investigate software and changelogs.</p><p>Whatever the reason for running out-of-date software on your web application, you can’t leave it unprotected. Both Sucuri and OWASP recommend virtual patching for the cases where patching is not possible.</p><p>Virtual patching allows websites that are outdated (or have known vulnerabilities) to be protected from attacks by preventing the exploitation of these vulnerabilities on the fly. This is usually done by a <a href="https://sucuri.net/website-firewall/">firewall</a> and an intrusion detection system (IDS).</p><h3>Vulnerable Applications</h3><p>According to OWASP, an application is likely vulnerable if:</p><ul><li>You do not know the versions of all components you use (both client-side and server-side). This includes components you directly use as well as nested dependencies.</li><li>The software is vulnerable, unsupported, or out of date. This includes the OS, web/application server, database management system (DBMS), applications, APIs and all components, runtime environments, and libraries.</li><li>You do not fix or upgrade the underlying platform, frameworks, and dependencies in a risk-based, timely fashion. 
This commonly happens in environments where patching is a monthly or quarterly task under change control, which leaves organizations open to many days or months of unnecessary exposure to fixed vulnerabilities.</li><li>The software developers do not test the compatibility of updated, upgraded, or patched libraries.</li><li>You do not secure the components’ configurations.</li></ul><p> </p><p>You can <a href="https://info.sucuri.net/subscribe-to-security">subscribe to our security blog feed</a> to be on top of security issues caused by vulnerable applications.</p><h3>How to Avoid Using Components with Known Vulnerabilities</h3><p>Some of the ways to prevent the use of vulnerable components are:</p><ul><li>Remove all unnecessary dependencies.</li><li>Keep an inventory of all your components on the client-side and server-side.</li><li>Monitor sources like Common Vulnerabilities and Exposures <a href="https://cve.mitre.org/">(CVE)</a> and the National Vulnerability Database <a href="https://nvd.nist.gov/">(NVD)</a> for vulnerabilities in the components.</li><li>Scan your website with a security testing tool such as <a href="https://wpscan.com/">WPScan</a>.</li><li>Obtain components only from official sources.</li><li>Delete components not actively maintained.</li><li>Use virtual patching with the help of a <a href="https://sucuri.net/website-firewall/">Web Application Firewall</a>.</li></ul> </div> </div> <div class="elementor-element elementor-element-ca2328e elementor-widget elementor-widget-menu-anchor" data-id="ca2328e" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="identification-authentication-failures"></div> </div> </div> <div class="elementor-element elementor-element-8140c8f elementor-widget elementor-widget-heading" data-id="8140c8f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 
class="elementor-heading-title elementor-size-default">7</h2> </div> </div> <div class="elementor-element elementor-element-4835c11 elementor-widget elementor-widget-heading" data-id="4835c11" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Identification and Authentication Failures</h2> </div> </div> <div class="elementor-element elementor-element-5ae9172 elementor-widget elementor-widget-text-editor" data-id="5ae9172" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Previously number two on the OWASP list, “broken authentication” has been renamed and is now ranked at number seven. A broken authentication vulnerability can allow an attacker to use manual and/or automatic methods to try to gain control over any account they want in a system – or even worse – to gain complete control over the system.</p><p>Websites with broken authentication vulnerabilities are very common on the web. Broken authentication usually refers to logic issues in the application’s authentication mechanism, like bad session management prone to username enumeration – when a malicious actor uses brute-force techniques to either guess or confirm valid users in a system.</p><p>To minimize authentication failure risks, avoid leaving the default admin login page publicly accessible to all visitors of the website:</p><ul><li>/administrator on Joomla!</li><li>/wp-admin/ on WordPress</li><li>/index.php/admin on Magento</li><li>/user/login on Drupal.</li></ul><p> </p><p>Attackers routinely brute-force username/password combinations against these pages.</p><h3>Types of Authentication Failure Vulnerabilities</h3><p>According to the OWASP Top 10, these vulnerabilities can come in many forms. 
A web application contains a broken authentication vulnerability if it:</p><ul><li>Permits automated attacks such as credential stuffing, where the attacker has a list of valid usernames and passwords.</li><li>Permits brute force or other automated attacks.</li><li>Permits default, weak, or well-known passwords, such as “Password1” or “admin/admin”.</li><li>Uses weak or ineffective credential recovery and forgot-password processes, such as “knowledge-based answers,” which cannot be made safe.</li><li>Uses plain text, encrypted, or weakly hashed passwords.</li><li>Has missing or ineffective multi-factor authentication (MFA).</li><li>Exposes session IDs in the URL (e.g., URL rewriting).</li><li>Does not rotate session IDs after successful login.</li><li>Does not properly invalidate session IDs. User sessions or authentication tokens (particularly single sign-on (SSO) tokens) aren’t properly invalidated during logout or a period of inactivity.</li></ul><p> </p><p>Writing insecure software results in most of these vulnerabilities. They can be attributed to many factors such as lack of experience from the developers. It can also be the consequence of more institutionalized failures such as lack of security requirements or organizations rushing software releases, in other words, choosing working software over secure software.</p><h3>How do you prevent authentication failures?</h3><p>In order to avoid authentication failure, make sure the developers apply the best practices of website security. 
Support them by providing access to external security audits and enough time to properly test the code before deploying to production.</p><p>OWASP’s technical recommendations are the following:</p><ul><li>Where possible, implement multi-factor authentication to prevent automated, credential stuffing, brute force, and stolen credential reuse attacks.</li><li>Do not ship or deploy with any default credentials, particularly for admin users.</li><li>Implement weak-password checks, such as testing new or changed passwords against a list of the top 10,000 worst passwords.</li><li>Align password length, complexity and rotation policies with <a href="https://pages.nist.gov/800-63-3/">NIST</a> 800-63 B’s guidelines in section 5.1.1 for Memorized Secrets or other modern, evidence-based password policies.</li><li>Ensure registration, credential recovery, and API pathways are hardened against account enumeration attacks by using the same messages for all outcomes.</li><li>Limit or increasingly delay failed login attempts. Log all failures and alert administrators when credential stuffing, brute force, or other attacks are detected.</li><li>Use a server-side, secure, built-in session manager that generates a new random session ID with high entropy after login. Session IDs should not be in the URL. 
Ids should also be securely stored and invalidated after logout, idle, and absolute timeouts.</li></ul> </div> </div> <div class="elementor-element elementor-element-28ecbba elementor-widget elementor-widget-menu-anchor" data-id="28ecbba" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="software-data-integrity-failures"></div> </div> </div> <div class="elementor-element elementor-element-259b786 elementor-widget elementor-widget-heading" data-id="259b786" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">8</h2> </div> </div> <div class="elementor-element elementor-element-1af91cc elementor-widget elementor-widget-heading" data-id="1af91cc" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Software and Data Integrity Failures</h2> </div> </div> <div class="elementor-element elementor-element-b5dbf71 elementor-widget elementor-widget-text-editor" data-id="b5dbf71" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Another new addition to the 2021 roster is software and data integrity failures. These failures can take many forms, particularly since as the web evolves it is more and more common to use third party code and services within web applications. 
These failures can be summarised as follows:</p><ul><li>Usage of code that does not verify integrity of source</li><li>Usage of third party plugins where you do not control the source</li><li>Plugins and extensions from untrusted sources</li><li>The introduction of or potential for compromise or unauthorised access</li><li>Auto-updates assume trust of the source</li></ul><p> </p><p>WordPress website administrators make heavy usage out of the official WordPress repository. Other CMS platforms have similar libraries that are used. Unlike proprietary software platforms these repositories are all open source and the code is publicly accessible and able to be scrutinised. This is a major advantage but not foolproof. Many open source plugins over the last few years have been targeted by attackers after serious vulnerabilities were discovered within them.</p><p>It is also unfortunately common for website owners to use hacked or “nulled” plugins/themes on their website. These are almost <a href="https://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html">always</a> coupled with backdoors that will be used to compromise the website environment.</p><h3>Examples of Integrity Failure</h3><ul><li>In 2021, attackers were able to circumvent Microsoft’s verification process and were able to release a digitally <a href="https://arstechnica.com/gadgets/2021/06/microsoft-digitally-signs-malicious-rootkit-driver/">signed</a> driver infected with rootkit</li><li>The SolarWinds hack <a href="https://www.cnbc.com/2021/10/25/solarwinds-hackers-targeting-global-it-supply-chain-microsoft-says.html">distributed</a> backdoored software to thousands of organisations including US government and hundreds of major corporations</li><li>In 2016 the website of the popular Linux distribution Linux Mint was hacked and the ISO file <a 
href="https://www.trendmicro.com/vinfo/fr/security/news/cybercrime-and-digital-threats/linux-mint-website-hacked-iso-downloads-replaced-with-a-backdoor">replaced</a> with backdoored version</li></ul><h3>How to Prevent Integrity Failure</h3><p>As our list of examples above indicates, sometimes verifying proper integrity of software is impossible. However, to do our best due diligence the following principles should be adhered to:</p><ul><li>Use software that was digitally signed by a trusted vendor</li><li>Use trusted software repositories, or your own repository</li><li>Verify that your extensions contain no known vulnerabilities</li><li>Verify checksums and file hashes</li><li>Ensure there is a review process for code changes/updates</li><li>Ensure proper access control to ensure data integrity</li></ul> </div> </div> <div class="elementor-element elementor-element-ff0e3f3 elementor-widget elementor-widget-menu-anchor" data-id="ff0e3f3" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="security-logging-monitoring-failures"></div> </div> </div> <div class="elementor-element elementor-element-bc39da2 elementor-widget elementor-widget-heading" data-id="bc39da2" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">9</h2> </div> </div> <div class="elementor-element elementor-element-d74d03b elementor-widget elementor-widget-heading" data-id="d74d03b" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Security Logging & Monitoring Failures</h2> </div> </div> <div class="elementor-element elementor-element-c940c54 elementor-widget elementor-widget-text-editor" data-id="c940c54" data-element_type="widget" data-widget_type="text-editor.default"> <div 
class="elementor-widget-container"> <p>The importance of securing a website cannot be overstated. While 100% security is not a realistic goal, there are ways to <a href="https://sucuri.net/malware-detection-scanning/">keep your website monitored</a> on a regular basis. This allows you to take immediate action when something happens.<br />Not having an efficient logging and monitoring process in place can increase the damage of a website compromise.</p><p>Here at Sucuri, we highly recommend that every website is properly monitored. If you need to monitor your server, <a href="https://www.ossec.net/">OSSEC</a> is freely available to help you. OSSEC actively monitors all aspects of system activity with file integrity monitoring, log monitoring, root check, and process monitoring.</p><h3>Example of Logging and Monitoring Attack Scenarios</h3><p>According to OWASP, these are some examples of attack scenarios due to insufficient logging and monitoring:</p><ul><li><strong>Scenario #1:</strong> An open-source project forum software run by a small team was hacked using a flaw in its software. The attackers managed to wipe out the internal source code repository containing the next version and all of the forum contents. Although the source could be recovered, the lack of monitoring, logging, or alerting led to a far worse breach. The forum software project is no longer active as a result of this issue.</li><li><strong>Scenario #2:</strong> An attacker scans for users with a common password. They can take over all accounts with this password. For all other users, this scan leaves only one false login behind. After some days, this may be repeated with a different password.</li><li><strong>Scenario #3:</strong> A major U.S. retailer reportedly had an internal malware analysis sandbox analyzing attachments. The sandbox software had detected potentially unwanted software, but no one responded to this detection. 
The sandbox had been producing warnings for some time before the breach was detected, due to fraudulent card transactions, by an external bank.</li></ul><h3>How to Have Efficient Website Monitoring</h3><p>Keeping audit logs gives visibility into suspicious changes to your website. An audit log is a record of the events on a website, so you can spot anomalies and confirm with the person in charge that the account hasn’t been compromised.<br />Whatever the reason for running out-of-date software on your web application, you can’t leave it unprotected. Both Sucuri and OWASP recommend virtual patching for the cases where patching is not possible.</p><p>We know that it may be hard for some users to keep audit logs manually. If you have a WordPress website, you can use our free <a href="https://wordpress.org/plugins/sucuri-scanner/">WordPress Security Plugin</a> to help you with your audit logs. The plugin can be downloaded from the official WordPress repository.</p> </div> </div> <div class="elementor-element elementor-element-9e276fe elementor-widget elementor-widget-menu-anchor" data-id="9e276fe" data-element_type="widget" data-widget_type="menu-anchor.default"> <div class="elementor-widget-container"> <div class="elementor-menu-anchor" id="server-side-request-forgery"></div> </div> </div> <div class="elementor-element elementor-element-9c82610 elementor-widget elementor-widget-heading" data-id="9c82610" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">10</h2> </div> </div> <div class="elementor-element elementor-element-281c22f elementor-widget elementor-widget-heading" data-id="281c22f" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Server-Side Request Forgery</h2> </div> </div> <div class="elementor-element elementor-element-69d2b7b 
elementor-widget elementor-widget-text-editor" data-id="69d2b7b" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>OWASP resource:</p><p><em>SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network access control list (ACL).</em></p><p>As cloud services grow in usage, popularity, and complexity, the prevalence and risk of SSRF attacks increase too.</p><h3>How to Prevent SSRF in Web Applications</h3><ul><li>Sanitize all user input</li><li>Use a positive allow list rather than a punitive block list</li><li>Do not send raw responses to users/clients</li><li>Disable unencrypted (HTTP) redirections</li></ul><h3>Example Attack Scenarios</h3><p>Attackers can use SSRF to attack systems protected behind web application firewalls, firewalls, or network ACLs, using scenarios such as:</p><p><strong>Scenario #1 – Port scan internal servers:</strong></p><p>If the network architecture is unsegmented, attackers can map out internal networks and determine if ports are open or closed on internal servers from connection results or elapsed time to connect or reject SSRF payload connections.</p><p><strong>Scenario #2 – Sensitive data exposure:</strong></p><p>Attackers can access local files or internal services to gain sensitive information, such as file:///etc/passwd and https://localhost:28017/.</p><p><strong>Scenario #3 – Access metadata storage of cloud services:</strong></p><p>Most cloud providers have metadata storage such as https://169.254.169.254/. 
An attacker can read the metadata to gain sensitive information.</p><p><strong>Scenario #4 – Compromise internal services:</strong></p><p>The attacker can abuse internal services to conduct further attacks such as Remote Code Execution (RCE) or Denial of Service (DoS).</p> </div> </div> <div class="elementor-element elementor-element-5be24e3 elementor-widget elementor-widget-text-editor" data-id="5be24e3" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <h4>Conclusion</h4><p>Since 2001, OWASP has been compiling research from over 32,000 volunteers worldwide to educate you on the most dangerous risks facing your website. The change in order and the introduction of new categories mark a change in the internet’s threat landscape. These risks and the strategies provided to mitigate them will put your website security ahead of the curve and out of hackers’ reach.</p> </div> </div> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-9e96733 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="9e96733" data-element_type="section" data-settings="{&quot;background_background&quot;:&quot;gradient&quot;}"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-39aee3f" data-id="39aee3f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <section class="elementor-section elementor-inner-section elementor-element elementor-element-45d945c elementor-section-content-middle elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="45d945c" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-50 elementor-inner-column elementor-element 
elementor-element-fe3b9d0" data-id="fe3b9d0" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-d903b6c elementor-widget elementor-widget-heading" data-id="d903b6c" data-element_type="widget" data-gatrack="Button_Click, OWASP_Top_10_2021_Get_Started_Now" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Protect your site from malware and hackers.</h2> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-753ce2a" data-id="753ce2a" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-55eb2ff elementor-align-right elementor-mobile-align-center elementor-widget elementor-widget-button" data-id="55eb2ff" data-element_type="widget" data-gatrack="Button_Click, OWASP_Top_10_2021_Get_Started_Now" data-widget_type="button.default"> <div class="elementor-widget-container"> <div class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-firewall/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Get Started Now</span> </span> </a> </div> </div> </div> </div> </div> <div class="elementor-column elementor-col-25 elementor-inner-column elementor-element elementor-element-c210c5c" data-id="c210c5c" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-e645f2e elementor-align-left elementor-mobile-align-center elementor-widget elementor-widget-button" data-id="e645f2e" data-element_type="widget" data-gatrack="Button_Click, OWASP_Top_10_2021_Get_Started_Learn_More" data-widget_type="button.default"> <div class="elementor-widget-container"> <div 
class="elementor-button-wrapper"> <a class="elementor-button elementor-button-link elementor-size-sm" href="https://sucuri.net/website-hack-protection/"> <span class="elementor-button-content-wrapper"> <span class="elementor-button-text">Learn More</span> </span> </a> </div> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> <section class="elementor-section elementor-top-section elementor-element elementor-element-6ad596b elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="6ad596b" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2fb9eb2" data-id="2fb9eb2" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-7499f66 elementor-widget elementor-widget-heading" data-id="7499f66" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h2 class="elementor-heading-title elementor-size-default">Sucuri Resource Library</h2> </div> </div> <div class="elementor-element elementor-element-fdd12b4 elementor-widget elementor-widget-text-editor" data-id="fdd12b4" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Stay on top of emerging website security threats with our helpful guides, email courses, and blog content.</p> </div> </div> <section class="elementor-section elementor-inner-section elementor-element elementor-element-27c0e35 elementor-section-boxed elementor-section-height-default elementor-section-height-default" data-id="27c0e35" data-element_type="section"> <div class="elementor-container elementor-column-gap-extended"> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-e92f5c6" data-id="e92f5c6" 
data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-25766dd elementor-widget elementor-widget-image" data-id="25766dd" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/webinars/how-to-clean-hacked-wordpress-site/" title="Webinar"> <img decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar-1.png" class="attachment-medium_large size-medium_large wp-image-8969" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar-1.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-webinar-1-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-274533d elementor-view-default elementor-widget elementor-widget-icon" data-id="274533d" data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://sucuri.net/webinars/how-to-clean-hacked-wordpress-site/" title="Webinar"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-68fa6cd elementor-widget elementor-widget-heading" data-id="68fa6cd" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Webinar</h4> </div> </div> <div 
class="elementor-element elementor-element-e7cb135 elementor-widget elementor-widget-text-editor" data-id="e7cb135" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Learn how to identify issues if you suspect your WordPress site has been hacked.</p> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-03aa8b1" data-id="03aa8b1" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-04e6bdc elementor-widget elementor-widget-image" data-id="04e6bdc" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://info.sucuri.net/wordpress-security-course" title="Email Course"> <img loading="lazy" decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses-1.png" class="attachment-medium_large size-medium_large wp-image-8967" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses-1.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-email-courses-1-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-c57c598 elementor-view-default elementor-widget elementor-widget-icon" data-id="c57c598" data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://info.sucuri.net/wordpress-security-course" title="Email Course"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 
0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-8ad8da9 elementor-widget elementor-widget-heading" data-id="8ad8da9" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Email Course</h4> </div> </div> <div class="elementor-element elementor-element-bd8e75e elementor-widget elementor-widget-text-editor" data-id="bd8e75e" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Join our email series as we offer actionable steps and basic security techniques for WordPress site owners.</p> </div> </div> </div> </div> <div class="elementor-column elementor-col-33 elementor-inner-column elementor-element elementor-element-5ba988d" data-id="5ba988d" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-f38e1c2 elementor-widget elementor-widget-image" data-id="f38e1c2" data-element_type="widget" data-widget_type="image.default"> <div class="elementor-widget-container"> <a href="https://sucuri.net/reports/2017-hacked-website-report/" title="Report"> <img loading="lazy" decoding="async" width="545" height="324" src="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report.png" class="attachment-medium_large size-medium_large wp-image-8857" alt="" srcset="https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report.png 545w, https://sucuri.net/wp-content/uploads/2023/01/22-sucuri-resource-report-300x178.png 300w" sizes="(max-width: 545px) 100vw, 545px" /> </a> </div> </div> <div class="elementor-element elementor-element-792ccbd elementor-view-default elementor-widget elementor-widget-icon" data-id="792ccbd" 
data-element_type="widget" data-widget_type="icon.default"> <div class="elementor-widget-container"> <div class="elementor-icon-wrapper"> <a class="elementor-icon" href="https://sucuri.net/reports/2017-hacked-website-report/" title="Report"> <svg aria-hidden="true" class="e-font-icon-svg e-fas-arrow-right" viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg"><path d="M190.5 66.9l22.2-22.2c9.4-9.4 24.6-9.4 33.9 0L441 239c9.4 9.4 9.4 24.6 0 33.9L246.6 467.3c-9.4 9.4-24.6 9.4-33.9 0l-22.2-22.2c-9.5-9.5-9.3-25 .4-34.3L311.4 296H24c-13.3 0-24-10.7-24-24v-32c0-13.3 10.7-24 24-24h287.4L190.9 101.2c-9.8-9.3-10-24.8-.4-34.3z"></path></svg> </a> </div> </div> </div> <div class="elementor-element elementor-element-911a232 elementor-widget elementor-widget-heading" data-id="911a232" data-element_type="widget" data-widget_type="heading.default"> <div class="elementor-widget-container"> <h4 class="elementor-heading-title elementor-size-default">Report</h4> </div> </div> <div class="elementor-element elementor-element-4b73b34 elementor-widget elementor-widget-text-editor" data-id="4b73b34" data-element_type="widget" data-widget_type="text-editor.default"> <div class="elementor-widget-container"> <p>Based on our data, the three most commonly infected CMS platforms were WordPress, Joomla! 
and Magento.</p> </div> </div> </div> </div> </div> </section> </div> </div> </div> </section> </div> <div data-elementor-type="footer" data-elementor-id="10539" class="elementor elementor-10539 elementor-location-footer" data-elementor-post-type="elementor_library"> <section class="elementor-section elementor-top-section elementor-element elementor-element-861d687 elementor-section-full_width elementor-section-height-default elementor-section-height-default" data-id="861d687" data-element_type="section"> <div class="elementor-container elementor-column-gap-default"> <div class="elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-fc1f30f" data-id="fc1f30f" data-element_type="column"> <div class="elementor-widget-wrap elementor-element-populated"> <div class="elementor-element elementor-element-a32286d elementor-widget elementor-widget-footer_section" data-id="a32286d" data-element_type="widget" data-widget_type="footer_section.default"> <div class="elementor-widget-container"> <div class="sucuri-footer-revamp parent"> <div class="footer-menu-logo-container"> <div class="footer-menu-logo-internal"> <div class="image-container"> <img src="https://sucuri.net/wp-content/uploads/2022/12/sucuri_logo_dark.svg" alt="Sucuri Logo"> </div> <div class="social-media-container"> <p>Let’s Connect</p> <div class="social-media-wrapper"> <a aria-label="Visit our Twitter profile" href="https://twitter.com/sucurisecurity/"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="21" viewBox="0 0 23 21" fill="none"><path d="M18.1138 0.210449H21.6407L13.9356 8.92748L23 20.7894H15.9016L10.3427 13.5952L3.98206 20.7894H0.453113L8.69443 11.4656L0 0.210449H7.27646L12.3012 6.78621L18.1117 0.210449H18.1138ZM16.876 18.6998H18.8303L6.21564 2.19025H4.11853L16.876 18.6998Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Facebook profile" href="https://www.facebook.com/SucuriSecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="23" 
height="23" viewBox="0 0 23 23" fill="none"><path d="M21.7287 0H1.27126C0.567177 0 0 0.567177 0 1.27126V21.7287C0 22.4328 0.567177 23 1.27126 23H12.2823V14.1012H9.28996V10.6395H12.2823V8.07738C12.2823 5.10459 14.1012 3.48129 16.7415 3.48129C18.0128 3.48129 19.108 3.57908 19.4209 3.6182V6.72789H17.5825C16.1352 6.72789 15.8614 7.41241 15.8614 8.40986V10.6199H19.3036L18.8537 14.0816H15.8614V22.9804H21.7287C22.4328 22.9804 23 22.4133 23 21.7092V1.27126C23 0.567177 22.4328 0 21.7287 0Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Instagram profile" href="https://www.instagram.com/sucurisecurity/"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="23" viewBox="0 0 23 23" fill="none"><path d="M22.9218 6.76701C22.8631 5.55442 22.6675 4.71344 22.3937 3.97024C22.1003 3.20748 21.7092 2.58163 21.0638 1.93622C20.4184 1.29082 19.7925 0.89966 19.0298 0.606292C18.3061 0.312925 17.4651 0.136905 16.233 0.0782313C15.0008 0.0195578 14.6097 0 11.5 0C8.3903 0 7.97959 0 6.767 0.0782313C5.53486 0.136905 4.71343 0.332483 3.97024 0.606292C3.20748 0.89966 2.58163 1.29082 1.93622 1.93622C1.29081 2.58163 0.899655 3.20748 0.606288 3.97024C0.31292 4.69388 0.117341 5.53486 0.0782256 6.76701C0.0195522 7.99915 0 8.39031 0 11.5C0 14.6097 -5.6684e-06 15.0204 0.0782256 16.233C0.136899 17.4456 0.332478 18.2866 0.606288 19.0298C0.899655 19.7925 1.29081 20.4184 1.93622 21.0638C2.58163 21.7092 3.20748 22.1003 3.97024 22.3937C4.69388 22.6675 5.53486 22.8631 6.767 22.9218C7.99915 22.9804 8.3903 23 11.5 23C14.6097 23 15.0008 23 16.233 22.9218C17.4456 22.8631 18.2866 22.6675 19.0298 22.3937C19.7925 22.1003 20.4184 21.7092 21.0638 21.0638C21.7092 20.4184 22.1003 19.7925 22.3937 19.0298C22.6871 18.3061 22.8631 17.4651 22.9218 16.233C22.9804 15.0009 23 14.6097 23 11.5C23 8.39031 23 7.99915 22.9218 6.76701ZM20.8486 16.1548C20.79 17.2696 20.6139 17.8759 20.4575 18.2866C20.2423 18.8146 20.0077 19.2058 19.5969 19.6165C19.1862 20.0272 18.8146 20.2619 18.267 20.477C17.8563 20.6335 17.25 20.8291 
16.1352 20.8682C14.9226 20.9269 14.551 20.9269 11.5 20.9269C8.44897 20.9269 8.05782 20.9269 6.86479 20.8682C5.75 20.8095 5.1437 20.6335 4.73299 20.477C4.20493 20.2619 3.81377 20.0272 3.40306 19.6165C2.99234 19.2058 2.75765 18.8342 2.54252 18.2866C2.38605 17.8759 2.19047 17.2696 2.15136 16.1548C2.09268 14.9422 2.09269 14.5901 2.09269 11.5196C2.09269 8.44898 2.09268 8.09694 2.15136 6.88435C2.21003 5.76956 2.38605 5.16327 2.54252 4.75255C2.75765 4.22449 2.99234 3.83333 3.40306 3.44218C3.81377 3.03146 4.18537 2.79677 4.73299 2.58163C5.1437 2.42517 5.75 2.22959 6.86479 2.19048C8.07738 2.1318 8.44897 2.1318 11.5 2.1318C14.551 2.1318 14.9226 2.1318 16.1352 2.19048C17.25 2.24915 17.8563 2.42517 18.267 2.58163C18.7951 2.79677 19.1862 3.03146 19.5969 3.44218C20.0077 3.85289 20.2423 4.22449 20.4575 4.75255C20.6139 5.16327 20.8095 5.76956 20.8486 6.88435C20.9073 8.09694 20.9073 8.46854 20.9073 11.5196C20.9073 14.5706 20.9073 14.9422 20.8486 16.1548Z" fill="#00FFCE"></path><path d="M11.5002 5.59375C8.23405 5.59375 5.59375 8.23406 5.59375 11.5002C5.59375 14.7664 8.23405 17.4067 11.5002 17.4067C14.7664 17.4067 17.4067 14.7664 17.4067 11.5002C17.4067 8.23406 14.7664 5.59375 11.5002 5.59375ZM11.5002 15.314C9.38796 15.314 7.66687 13.5929 7.66687 11.4807C7.66687 9.36841 9.38796 7.64732 11.5002 7.64732C13.6125 7.64732 15.3335 9.36841 15.3335 11.4807C15.3335 13.5929 13.6125 15.314 11.5002 15.314Z" fill="#00FFCE"></path><path d="M17.6406 3.98975C16.8778 3.98975 16.252 4.6156 16.252 5.37835C16.252 6.14111 16.8778 6.7474 17.6406 6.7474C18.4033 6.7474 19.0096 6.12155 19.0096 5.37835C19.0096 4.63515 18.3838 3.98975 17.6406 3.98975Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our LinkedIn profile" href="https://www.linkedin.com/company/sucuri-security"> <svg xmlns="http://www.w3.org/2000/svg" width="23" height="23" viewBox="0 0 23 23" fill="none"><path d="M0.445161 23H4.89677V7.04375H0.445161V23ZM2.67097 0C1.1871 0 0 1.15 0 2.5875C0 4.025 1.1871 5.175 2.67097 5.175C4.15484 5.175 
5.34194 4.025 5.34194 2.5875C5.34194 1.15 4.15484 0 2.67097 0ZM12.4645 9.4875V7.04375H8.0129V23H12.4645V14.8063C12.4645 10.2063 18.5484 9.91875 18.5484 14.8063V23H23V13.225C23 5.4625 14.5419 5.75 12.4645 9.4875Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our YouTube profile" href="https://www.youtube.com/SucuriSecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="30" height="21" viewBox="0 0 30 21" fill="none"><path d="M28.5264 3.64516C28.2012 2.42561 27.2041 1.45838 25.9469 1.12195C23.6708 0.533203 14.5667 0.533203 14.5667 0.533203C14.5667 0.533203 5.4625 0.533203 3.18646 1.12195C1.92922 1.43735 0.953767 2.40458 0.606942 3.64516C-2.64865e-06 5.85296 0 10.4999 0 10.4999C0 10.4999 -2.64865e-06 15.1257 0.606942 17.3546C0.932091 18.5741 1.92922 19.5414 3.18646 19.8778C5.4625 20.4665 14.5667 20.4665 14.5667 20.4665C14.5667 20.4665 23.6708 20.4665 25.9469 19.8778C27.2041 19.5414 28.1796 18.5952 28.5264 17.3546C29.1333 15.1257 29.1333 10.4999 29.1333 10.4999C29.1333 10.4999 29.1333 5.87399 28.5264 3.64516ZM11.597 14.6842V6.2735L19.2054 10.4788L11.597 14.6842Z" fill="#00FFCE"></path></svg> </a> <a aria-label="Visit our Threads profile" href="https://www.threads.net/@sucurisecurity"> <svg xmlns="http://www.w3.org/2000/svg" width="21" height="23" viewBox="0 0 21 23" fill="none"><path d="M10.6248 23H10.618C7.11116 22.977 4.4152 21.8452 2.60353 19.6372C0.99262 17.6717 0.160232 14.9366 0.132812 11.5096V11.4933C0.162191 8.06342 0.993599 5.33121 2.60549 3.36471C4.4152 1.15479 7.11312 0.023 10.6189 0H10.6326C13.3217 0.0191667 15.5712 0.694792 17.3172 2.01058C18.9595 3.24683 20.116 5.01017 20.7535 7.24979L18.7558 7.79508C17.6746 4.00008 14.9385 2.06042 10.6238 2.03071C7.77413 2.05179 5.61972 2.92771 4.21935 4.6345C2.90907 6.233 2.23239 8.54258 2.20595 11.5C2.23239 14.4574 2.90907 16.767 4.22033 18.3655C5.6207 20.0742 7.77609 20.9511 10.6248 20.9693C13.1935 20.9501 14.8925 20.3646 16.3046 19.0095C17.9175 17.4637 17.8891 15.5662 17.372 14.4114C17.0685 13.731 16.5171 
13.1656 15.7719 12.7343C15.5839 14.03 15.1628 15.0784 14.5145 15.87C13.6469 16.9261 12.4189 17.503 10.8618 17.5854C9.68471 17.6477 8.54972 17.3765 7.67033 16.8178C6.62935 16.1575 6.02024 15.1503 5.95463 13.9773C5.89098 12.8369 6.35418 11.7875 7.25707 11.0237C8.11884 10.2954 9.33216 9.867 10.7658 9.7865C11.7538 9.72614 12.7455 9.77177 13.7233 9.92258C13.5999 9.2115 13.356 8.64608 12.9888 8.23879C12.4864 7.67721 11.7079 7.39258 10.6787 7.38587H10.6503C9.82376 7.38587 8.69955 7.60821 7.98566 8.65088L6.26506 7.52004C7.22476 6.12663 8.77985 5.35804 10.6503 5.35804H10.6934C13.8212 5.37721 15.6848 7.25075 15.8708 10.5215C15.9766 10.5656 16.0823 10.6116 16.1852 10.6576C17.6443 11.3285 18.7117 12.3453 19.2738 13.5997C20.0543 15.3439 20.1268 18.1901 17.7579 20.4595C15.9462 22.194 13.7487 22.978 10.6317 22.999L10.6248 23ZM11.607 11.7971C11.37 11.7971 11.1301 11.8038 10.8833 11.8172C9.08539 11.9159 7.96509 12.7238 8.02776 13.8709C8.09338 15.0746 9.44968 15.6333 10.7541 15.5643C11.9527 15.502 13.5137 15.0439 13.7761 12.0089C13.0628 11.8633 12.3357 11.7923 11.607 11.7971Z" fill="#00FFCE"></path></svg> </a> </div> </div> </div> </div> <div class="sucuri-footer-revamp child"> <div class="footer-menu-revamp-container"> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/website-security/"> Products </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/website-firewall/"> Website Firewall </a> <a class="link-child" href="https://sucuri.net/website-security-platform/"> Website Security Platform </a> <a class="link-child" href="https://sucuri.net/wordpress-security/"> WordPress Security </a> <a class="link-child" href="https://sucuri.net/website-backups/"> Website Backups </a> <a class="link-child" href="https://sucuri.net/website-security-platform/help-now/"> Hack Assistance </a> <a class="link-child" href="https://sucuri.net/website-security-platform/signup"> Pricing </a> </div> </div> <div class="outer-item"> <a 
class="link-parent" href="https://sucuri.net/ddos-protection/"> Solutions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/ddos-protection/"> DDoS Protection </a> <a class="link-child" href="https://sucuri.net/malware-detection-scanning/"> Malware Detection </a> <a class="link-child" href="https://sucuri.net/website-malware-removal/"> Malware Removal </a> <a class="link-child" href="https://sucuri.net/intrusion-detection-system/"> Malware Prevention </a> <a class="link-child" href="https://sucuri.net/website-security-platform/blocklist-removal-and-repair/"> Blacklist Removal </a> <a class="link-child" href="https://sucuri.net/seo-spam-removal/"> SEO Spam Removal </a> <a class="link-child" href="https://sucuri.net/wordpress-security-plugin/"> Wordpress Security Plugin </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> USE CASES </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/developers/"> Developers </a> <a class="link-child" href="https://sucuri.net/ecommerce-website-security/"> Ecommerce </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Agency Plans </a> <a class="link-child" href="https://sucuri.net/custom/agency/"> Enterprise Services </a> <a class="link-child" href="https://sucuri.net/http-2-rapid-reset/"> HTTPS/2 </a> <a class="link-child" href="https://sucuri.net/virtual-patching/"> Virtual Patching </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://docs.sucuri.net/"> Support </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://docs.sucuri.net/"> Knowledge Base </a> <a class="link-child" href="https://sitecheck.sucuri.net/"> SiteCheck </a> <a class="link-child" href="https://sucuri.net/guides/"> Guides </a> <a class="link-child" href="https://labs.sucuri.net/"> Research Labs </a> <a class="link-child" href="https://abuse.sucuri.net/"> Report Abuse </a> <a class="link-child" 
href="https://status.sucuri.net/"> Status Report </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="https://sucuri.net/company/"> Company </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/company/"> About Sucuri </a> <a class="link-child" href="https://sucuri.net/company/contact-us/"> Contact </a> <a class="link-child" href="https://blog.sucuri.net/"> Blog </a> <a class="link-child" href="https://sucuri.net/referral/"> Referral </a> <a class="link-child" href="https://sucuri.net/partners/"> Partners </a> <a class="link-child" href="https://sucuri.net/customers/"> Testimonials </a> </div> </div> <div class="outer-item"> <a class="link-parent" href="#"> Definitions </a> <div class="inner-repeater-wrapper"> <a class="link-child" href="https://sucuri.net/definitions/"> Firewall </a> <a class="link-child" href="https://sucuri.net/definitions/"> Bots </a> <a class="link-child" href="https://sucuri.net/definitions/"> Security </a> </div> </div> </div> </div> <div class="policy-container"> <div class="flex-menu"> <a href="https://sucuri.net/terms/">Terms of Use</a> <a href="https://sucuri.net/privacy/">Privacy Policy</a> <a href="https://sucuri.net/cookies/">Do Not Sell My Personal Information</a> <a href="https://sucuri.net/faq/">Frequently Asked Questions</a> </div> </div> <p class="copyright">© 2024 GoDaddy Mediatemple, Inc., d/b/a Sucuri. 
All rights reserved.</p> <div class="back-to-top-mobile"> <a title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg> </a> </div> <div class="back-to-top"> <div class="circle"> <a class="circle-flex" title="Going Top" href="#top"> <svg xmlns="http://www.w3.org/2000/svg" width="42" height="42" viewBox="0 0 42 42" fill="none"> <circle cx="21" cy="21" r="20.5" fill="#02141B" stroke="white"/> <path d="M21 17.3202L29.0133 24.7468C29.0779 24.8079 29.1546 24.8562 29.2389 24.889C29.3232 24.9217 29.4135 24.9382 29.5046 24.9375C29.5956 24.9368 29.6856 24.9188 29.7694 24.8848C29.8531 24.8507 29.9289 24.8012 29.9924 24.739C30.0559 24.6769 30.1058 24.6033 30.1393 24.5227C30.1728 24.442 30.1891 24.3558 30.1874 24.2691C30.1856 24.1824 30.1659 24.0969 30.1292 24.0175C30.0925 23.9381 30.0397 23.8664 29.9738 23.8066L21.4802 15.9358C21.3517 15.8167 21.1794 15.75 21 15.75C20.8206 15.75 20.6483 15.8167 20.5198 
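15.9358L12.0262 23.8066C11.9603 23.8664 11.9075 23.9381 11.8708 24.0175C11.8341 24.0969 11.8144 24.1824 11.8126 24.2691C11.8109 24.3558 11.8272 24.442 11.8607 24.5227C11.8942 24.6033 11.9441 24.6768 12.0076 24.739C12.0711 24.8012 12.1469 24.8507 12.2306 24.8848C12.3144 24.9188 12.4044 24.9368 12.4954 24.9375C12.5865 24.9382 12.6768 24.9217 12.7611 24.889C12.8454 24.8562 12.9221 24.8079 12.9867 24.7468L21 17.3202Z" fill="#13EAC0"/> </svg>
<span>
  <!-- Decorative arrow: the link already has the visible text "back to top", so the icon is hidden from AT. -->
  <p style="margin-top:0px !important; margin-bottom:0px !important;">back to top <svg xmlns="http://www.w3.org/2000/svg" width="20" height="10" viewBox="0 0 20 10" fill="none" aria-hidden="true"> <path d="M10 1.57018L18.0133 8.99675C18.0779 9.0579 18.1546 9.10624 18.2389 9.13898C18.3232 9.17171 18.4135 9.1882 18.5046 9.18748C18.5956 9.18676 18.6856 9.16885 18.7694 9.13478C18.8531 9.10071 18.9289 9.05117 18.9924 8.98901C19.0559 8.92685 19.1058 8.85332 19.1393 8.77266C19.1728 8.692 19.1891 8.60582 19.1874 8.51911C19.1856 8.4324 19.1659 8.34688 19.1292 8.26749C19.0925 8.18811 19.0397 8.11644 18.9738 8.05663L10.4802 0.185786C10.3517 0.066655 10.1794 -3.93758e-07 10 -4.01598e-07C9.82063 -4.09439e-07 9.64833 0.0666549 9.51977 0.185786L1.02623 8.05663C0.960287 8.11644 0.907457 8.18811 0.870792 8.26749C0.834127 8.34688 0.814355 8.4324 0.812622 8.51911C0.810888 8.60582 0.827226 8.692 0.860693 8.77266C0.894159 8.85332 0.944088 8.92685 1.00759 8.98901C1.07109 9.05117 1.14691 9.10071 1.23065 9.13478C1.31438 9.16885 1.40439 9.18676 1.49544 9.18748C1.5865 9.1882 1.6768 9.17171 1.76112 9.13898C1.84544 9.10624 1.92211 9.0579 1.98669 8.99675L10 1.57018Z" fill="#13EAC0"/> </svg> </p>
</span>
</a>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</section>
</div>
<!--
  reCAPTCHA bootstrap.
  The onload callback is declared BEFORE the api.js loader is requested: api.js is async and calls
  window.onRecaptchaLoad (named in its onload= query parameter) as soon as it has executed, so the
  callback must already exist as a global function. Do not wrap it in a closure.
-->
<script>
  // Called by api.js once reCAPTCHA is ready. Renders the widget explicitly (render=explicit)
  // into the first .g-recaptcha element on the page; logs an error when no such element exists.
  function onRecaptchaLoad() {
    var recaptchaElement = document.getElementsByClassName('g-recaptcha')[0];
    if (recaptchaElement) {
      // The site key is the public half of the reCAPTCHA key pair and is meant to appear in page source.
      grecaptcha.render(recaptchaElement, {
        sitekey: '6LetGjkUAAAAAJZdUKrKJtingLJw5x0mY-O2VGf_',
      });
    } else {
      console.error('reCAPTCHA element not found');
    }
  }
</script>
<script src="https://www.google.com/recaptcha/api.js?onload=onRecaptchaLoad&amp;render=explicit" async defer></script>
<script>
  // Elementor background lazy-load: adds the class "e-lazyloaded" to each .e-con.e-parent container the
  // first time it comes within 200px of the viewport, then stops observing it.
  // Wrapped in an IIFE so the generic names (`events`, `lazyloadRunObserver`) are not page-global
  // lexical bindings — a second top-level `const events` in any later classic script would be a SyntaxError.
  (() => {
    const lazyloadRunObserver = () => {
      const lazyloadBackgrounds = document.querySelectorAll(`.e-con.e-parent:not(.e-lazyloaded)`);
      const lazyloadBackgroundObserver = new IntersectionObserver((entries) => {
        entries.forEach((entry) => {
          if (entry.isIntersecting) {
            let lazyloadBackground = entry.target;
            if (lazyloadBackground) {
              lazyloadBackground.classList.add('e-lazyloaded');
            }
            lazyloadBackgroundObserver.unobserve(entry.target);
          }
        });
      }, { rootMargin: '200px 0px 200px 0px' });
      lazyloadBackgrounds.forEach((lazyloadBackground) => {
        lazyloadBackgroundObserver.observe(lazyloadBackground);
      });
    };
    // Scan on DOM ready and again whenever the "elementor/lazyload/observe" event is dispatched on document.
    const events = ['DOMContentLoaded', 'elementor/lazyload/observe'];
    events.forEach((event) => {
      document.addEventListener(event, lazyloadRunObserver);
    });
  })();
</script>
<link rel="stylesheet" id="e-sticky-css" href="https://sucuri.net/wp-content/plugins/elementor-pro/assets/css/modules/sticky.min.css?ver=3.25.2" media="all">
<!--
  Supply-chain note: the scripts fetched from cdn.jsdelivr.net and cdnjs.cloudflare.com below are pinned
  by version but carry no Subresource Integrity, so a substituted CDN response would execute with full
  page privileges. Add integrity="sha384-<HASH_OF_PINNED_FILE>" (computed from the exact file served) to each
  of them; crossorigin="anonymous" is set here already because SRI requires the CORS fetch mode.
  Note that prism-autoloader fetches further Prism components itself; those loads are outside SRI.
  The inline <script> blocks on this page would each need a CSP nonce or hash before a strict
  Content-Security-Policy (no 'unsafe-inline') can be enforced.
-->
<script id="slick-js-js" src="https://cdn.jsdelivr.net/npm/slick-carousel@1.8.1/slick/slick.min.js" crossorigin="anonymous" defer></script>
<script id="sucuriwp-navigation-js" src="https://sucuri.net/wp-content/themes/sucuriwp/js/navigation.js?ver=1628779856"></script>
<script id="sucuriwp-skip-link-focus-fix-js" src="https://sucuri.net/wp-content/themes/sucuriwp/js/skip-link-focus-fix.js?ver=1628779856"></script>
<script id="sucuriwp-js-js" src="https://sucuri.net/wp-content/themes/sucuriwp/js/script.min.js" defer></script>
<script id="e-sticky-js" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/sticky/jquery.sticky.min.js?ver=3.25.2"></script>
<script id="smartmenus-js" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/lib/smartmenus/jquery.smartmenus.min.js?ver=1.2.1"></script>
<script id="prismjs_core-js" src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/components/prism-core.min.js?ver=1.23.0" crossorigin="anonymous"></script>
<script id="prismjs_loader-js" src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/plugins/autoloader/prism-autoloader.min.js?ver=1.23.0" crossorigin="anonymous"></script>
<script id="prismjs_normalize-js" src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/plugins/normalize-whitespace/prism-normalize-whitespace.min.js?ver=1.23.0" crossorigin="anonymous"></script>
<script id="prismjs_toolbar-js" src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/plugins/toolbar/prism-toolbar.min.js?ver=1.23.0" crossorigin="anonymous"></script>
<script id="prismjs_copy_to_clipboard-js" src="https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/plugins/copy-to-clipboard/prism-copy-to-clipboard.min.js?ver=1.23.0" crossorigin="anonymous"></script>
<script id="elementor-pro-webpack-runtime-js" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.25.2"></script>
<script id="elementor-webpack-runtime-js" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.25.4"></script>
<script id="elementor-frontend-modules-js" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.25.4"></script>
<script id="wp-hooks-js" src="https://sucuri.net/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18"></script>
<script id="wp-i18n-js" src="https://sucuri.net/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6"></script>
<script id="wp-i18n-js-after">
  /* <![CDATA[ */
  wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } );
  /* ]]> */
</script>
<script id="elementor-pro-frontend-js-before">
  /* <![CDATA[ */
  /* Server-emitted Elementor Pro configuration; the object literal is data and is reproduced as served.
     "nonce" is a WordPress-issued request token (scoped, expiring) and is expected in page source. */
  var ElementorProFrontendConfig = {"ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","nonce":"d749db2ae0","urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/assets\/","rest":"https:\/\/sucuri.net\/wp-json\/"},"settings":{"lazy_load_background_images":true},"popup":{"hasPopUps":false},"shareButtonsNetworks":{"facebook":{"title":"Facebook","has_counter":true},"twitter":{"title":"Twitter"},"linkedin":{"title":"LinkedIn","has_counter":true},"pinterest":{"title":"Pinterest","has_counter":true},"reddit":{"title":"Reddit","has_counter":true},"vk":{"title":"VK","has_counter":true},"odnoklassniki":{"title":"OK","has_counter":true},"tumblr":{"title":"Tumblr"},"digg":{"title":"Digg"},"skype":{"title":"Skype"},"stumbleupon":{"title":"StumbleUpon","has_counter":true},"mix":{"title":"Mix"},"telegram":{"title":"Telegram"},"pocket":{"title":"Pocket","has_counter":true},"xing":{"title":"XING","has_counter":true},"whatsapp":{"title":"WhatsApp"},"email":{"title":"Email"},"print":{"title":"Print"},"x-twitter":{"title":"X"},"threads":{"title":"Threads"}},"facebook_sdk":{"lang":"en_US","app_id":""},"lottie":{"defaultAnimationUrl":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor-pro\/modules\/lottie\/assets\/animations\/default.json"}};
  /* ]]> */
</script>
<script id="elementor-pro-frontend-js" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.25.2"></script>
<script id="jquery-ui-core-js" src="https://sucuri.net/wp-includes/js/jquery/ui/core.min.js?ver=1.13.3"></script>
<script id="elementor-frontend-js-before">
  /* <![CDATA[ */
  /* Server-emitted Elementor frontend configuration (breakpoints, i18n strings, lightbox settings, post
     metadata); reproduced as served. */
  var elementorFrontendConfig = {"environmentMode":{"edit":false,"wpPreview":false,"isScriptDebug":false},"i18n":{"shareOnFacebook":"Share on Facebook","shareOnTwitter":"Share on Twitter","pinIt":"Pin it","download":"Download","downloadImage":"Download image","fullscreen":"Fullscreen","zoom":"Zoom","share":"Share","playVideo":"Play Video","previous":"Previous","next":"Next","close":"Close","a11yCarouselWrapperAriaLabel":"Carousel | Horizontal scrolling: Arrow Left & Right","a11yCarouselPrevSlideMessage":"Previous slide","a11yCarouselNextSlideMessage":"Next slide","a11yCarouselFirstSlideMessage":"This is the first slide","a11yCarouselLastSlideMessage":"This is the last slide","a11yCarouselPaginationBulletMessage":"Go to slide"},"is_rtl":false,"breakpoints":{"xs":0,"sm":480,"md":768,"lg":1025,"xl":1440,"xxl":1600},"responsive":{"breakpoints":{"mobile":{"label":"Mobile Portrait","value":767,"default_value":767,"direction":"max","is_enabled":true},"mobile_extra":{"label":"Mobile Landscape","value":880,"default_value":880,"direction":"max","is_enabled":false},"tablet":{"label":"Tablet Portrait","value":1024,"default_value":1024,"direction":"max","is_enabled":true},"tablet_extra":{"label":"Tablet Landscape","value":1200,"default_value":1200,"direction":"max","is_enabled":true},"laptop":{"label":"Laptop","value":1366,"default_value":1366,"direction":"max","is_enabled":false},"widescreen":{"label":"Widescreen","value":2400,"default_value":2400,"direction":"min","is_enabled":false}},"hasCustomBreakpoints":true},"version":"3.25.4","is_static":false,"experimentalFeatures":{"e_font_icon_svg":true,"additional_custom_breakpoints":true,"e_nested_atomic_repeaters":true,"e_optimized_control_loading":true,"e_onboarding":true,"e_css_smooth_scroll":true,"theme_builder_v2":true,"home_screen":true,"landing-pages":true,"nested-elements":true,"link-in-bio":true,"floating-buttons":true},"urls":{"assets":"https:\/\/sucuri.net\/wp-content\/plugins\/elementor\/assets\/","ajaxurl":"https:\/\/sucuri.net\/wp-admin\/admin-ajax.php","uploadUrl":"https:\/\/sucuri.net\/wp-content\/uploads"},"nonces":{"floatingButtonsClickTracking":"2b8879dc4b"},"swiperClass":"swiper-container","settings":{"page":[],"editorPreferences":[]},"kit":{"active_breakpoints":["viewport_mobile","viewport_tablet","viewport_tablet_extra"],"global_image_lightbox":"yes","lightbox_enable_counter":"yes","lightbox_enable_fullscreen":"yes","lightbox_enable_zoom":"yes","lightbox_enable_share":"yes","lightbox_title_src":"title","lightbox_description_src":"description"},"post":{"id":9238,"title":"OWASP%20Top%20Ten%3A%202021%20Edition","excerpt":"The OWASP Top Ten List has been updated this year! We outline the changes and what this means for website security best practices","featuredImage":"https:\/\/sucuri.net\/wp-content\/uploads\/2023\/02\/2022_Sucuri_Guide_OWASP-Top-10-Security-Risks-Vulnerabilities-2021-Edition-1024x481.png"}};
  /* ]]> */
</script>
<script id="elementor-frontend-js" src="https://sucuri.net/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.25.4"></script>
<script id="pro-elements-handlers-js" src="https://sucuri.net/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.25.2"></script>
<script>
  // Pre-selects the "#firewall" radio button and clears "#platform" inside "#firewall-container".
  // Runs once at parse time; the script sits at the end of <body>, so the container is already in the DOM.
  // Wrapped in an IIFE so `container` / `containerId` do not leak as page-global bindings that a later
  // classic script declaring the same `const` names would trip over (SyntaxError kills that whole script).
  (function () {
    // Define the container ID
    const containerId = 'firewall-container';
    // Get the container element
    const container = document.getElementById(containerId);

    // Function to toggle the state; guard clauses report the two "not found" cases and bail out.
    function toggleRadioButtonsInContainer() {
      if (!container) {
        console.warn(`Container with ID '${containerId}' not found.`);
        return;
      }
      // Check if the radio buttons are inside the container
      const firewallInput = container.querySelector('#firewall');
      const platformInput = container.querySelector('#platform');
      if (!firewallInput || !platformInput) {
        console.warn('Radio buttons not found inside the container.');
        return;
      }
      // NOTE(review): a native <input type="radio"> already exposes its checked state to assistive
      // technology, so aria-checked is redundant on it; the attributes are kept because site CSS/JS
      // may select on them — confirm before removing.
      // Make the 'firewall' radio button checked and set aria-checked to true
      firewallInput.checked = true;
      firewallInput.setAttribute('aria-checked', 'true');
      // Make the 'platform' radio button unchecked and set aria-checked to false
      platformInput.checked = false;
      platformInput.setAttribute('aria-checked', 'false');
    }

    // Call the function to toggle the state
    toggleRadioButtonsInContainer();
  })();
</script>
</body>
</html>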