Product
Features Why Beagle Security? API Security Testing GraphQL Security Testing DevSecOps Compliance Cosmog: Private Tunnel WordPress Security Testing OWASP Security Testing Free Security Testing
Solutions
Pricing
Free tools
Website Security Assessment SSL Certificate Checker Domain Expiry Checker
Resources
Blog Developer Docs Help Center Guides Whitepapers Vulnerability Index Partners
Product tour
Blog Home
owasp
24 Jun 2018

Using Components with Known Vulnerabilities

24 Jun 2018

Components such as libraries, frameworks and other software modules are almost always run with full privileges. If a vulnerable component is exploited it ends up in serious data loss

Example

Components mostly run with the same privileges the application itself has so flaws in any component can seriously impact the application. Such flaws can be accidental like coding error or intentional like backdoor in component.

Impact

The full range of weaknesses is possible containing injection, broken access control, XSS, etc. This mighr end up in minimal to a complete host takeover and data compromise.

Mitigation / Precaution

  • Remove unused, components unnecessary features, files, and documentation, dependencies.

  • Only use components from official sources. Prefer usage of signed packages to reduce the chance of including a modified, malicious component.

  • Monitor the libraries and components that are unmaintained or of older versions. If patching is not possible, consider deploying a virtual patch to monitor, detect, or protect against issue.

PRODUCT TOUR



Latest Articles

Email injection attack: Impact, example & prevention
March 24 2023
What are the common REST API security vulnerabilities?
March 8 2023
The 7 Best Veracode Alternatives in the Market Today
February 6 2023
DAST vs SAST: What are the differences and how to combine them
January 26 2023
Internal Penetration Testing: The Definitive Guide [2023]
January 19 2023

Explore morearrow



Popular in Injection

WordPress Authenticated SQL Injection
June 29 2022
SQL injection(SQLi)
May 4 2022
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018

Explore morearrow

Categories

Client Side URL Redirect Cookies Attributes IBM SQL injection injection Time Based Blind SQL Injection SSL Injection CRLF Content Security Policy CSRF HSTS CORS Information Leakage status code SRI metadata X-XSS-Protection owasp XSS Clickjacking Cookies Directory traversal DOM XSS Blind SQL Injection SQL Injection XML Injection blog TLS WordPress web security SMB Cyber attacks AI Web server Wordpress Data Security DOMECTF2020 Container security CMS Security Code Execution Content security policy Htaccess Bypass DOMECTF2021 Press Webinar RFI DevSecOps Web Security Cyber Attacks DOMECTF2022 openssl HTTP headers Compliance AppSec
Related Articles
OWASP top ten 2017
owasp
OWASP top ten 2017
04 Jul 2022
Missing Function Level Access Control OWASP 2013
owasp
Missing Function Level Access Control OWASP 2013
24 Jun 2022
Sensitive Data Exposure OWASP 2013
owasp
Sensitive Data Exposure OWASP 2013
24 Mar 2022
OWASP Top 10 2021
owasp
OWASP Top 10 2021
29 Dec 2021
OWASP top ten 2013
owasp
OWASP top ten 2013
04 Jul 2018
Unvalidated Redirects and Forwards
owasp
Unvalidated Redirects and Forwards
24 Jun 2018
Sensitive Data Exposure
owasp
Sensitive Data Exposure
24 Jun 2018
Insufficient Logging And Monitoring
owasp
Insufficient Logging And Monitoring
24 Jun 2018
Insecure Direct Object References
owasp
Insecure Direct Object References
24 Jun 2018
Insecure Deserialization
owasp
Insecure Deserialization
24 Jun 2018
Broken Authentication
owasp
Broken Authentication
24 Jun 2018
Broken Access Control
owasp
Broken Access Control
24 Jun 2018