We recently rolled out changes that add OWASP Top 10 findings to Glasstrail. The dashboard now tracks and reports on several key OWASP Top 10 risks, adding further depth to the scan so you can see more of the gaps and tighten up your security. We already tracked some of the most important risks; this change rounds that out.


What is OWASP Top 10?

The OWASP Top 10 is a broad consensus on the most critical security risks to web applications. The list is maintained by OWASP.org.

Some OWASP risks can only be found by reviewing an application's code, but many, in particular misconfigurations visible in HTTP responses, can be detected by an external scan, so it makes sense to add those to Glasstrail where we can.

What will you see?

We have a curated set of OWASP findings based on what we most commonly see across our customers. We intend to expand these findings over time, each with a plain-language description of the issue and how to fix it. For now we cover a select collection of the risks, including high-severity ones such as overly permissive Content Security Policies, insecure cookies (missing Secure, HttpOnly or SameSite attributes), and overly permissive cross-origin resource sharing (CORS) configurations.
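The three findings named above are all visible in a server's HTTP response headers, which is what makes them detectable by an external scan. The following is an added example of such checks written for this post; it is not Glasstrail's own scanner code. It takes a captured response as a list of (name, value) header pairs, flags a script-src that is too open, cookies missing their protective attributes, and CORS that reflects an untrusted origin. The probe origin https://attacker.example, the sample responses, and the severity labels are all assumptions constructed for the example.

```python
"""Added example (not Glasstrail's code): three external-scan checks for
overly permissive CSP, insecure cookies and overly permissive CORS, run over
captured HTTP response headers.

Headers are passed as a list of (name, value) pairs because Set-Cookie may
appear several times in one response. The sample responses at the bottom are
constructed for this example; the probe origin is a hypothetical attacker host."""

from typing import List, Tuple

Headers = List[Tuple[str, str]]
Finding = Tuple[str, str, str]  # (severity, category, message)

# Script sources that make a CSP ineffective against XSS.
RISKY_SCRIPT_SOURCES = {"*", "'unsafe-inline'", "'unsafe-eval'", "data:", "http:", "https:"}


def _get(headers: Headers, name: str) -> List[str]:
    """All values of a header, matched case-insensitively as HTTP requires."""
    return [v for k, v in headers if k.lower() == name.lower()]


def parse_csp(policy: str) -> dict:
    """Split "a b c; d e" into {"a": ["b", "c"], "d": ["e"]}."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def check_csp(headers: Headers) -> List[Finding]:
    values = _get(headers, "Content-Security-Policy")
    if not values:
        return [("high", "csp", "no Content-Security-Policy header")]
    directives = parse_csp(values[0])
    # script-src governs script execution and falls back to default-src.
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return [("high", "csp", "no script-src or default-src; scripts are unrestricted")]
    # CSP3 browsers ignore 'unsafe-inline' once a nonce or hash source is present,
    # so it is only a real weakness when neither is there.
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    findings = []
    for src in sources:
        low = src.lower()
        if low == "'unsafe-inline'" and has_nonce_or_hash:
            continue
        if low in RISKY_SCRIPT_SOURCES:
            findings.append(("high", "csp", f"script-src allows {src}"))
    return findings


def check_cookies(headers: Headers) -> List[Finding]:
    findings = []
    for raw in _get(headers, "Set-Cookie"):
        parts = raw.split(";")
        name = parts[0].split("=", 1)[0].strip()
        # Attribute names only; values such as SameSite=Lax are not needed here.
        attrs = {p.strip().split("=", 1)[0].lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(("high", "cookie", f"{name}: missing Secure (sent over plain HTTP)"))
        if "httponly" not in attrs:
            findings.append(("medium", "cookie", f"{name}: missing HttpOnly (readable by injected script)"))
        if "samesite" not in attrs:
            findings.append(("low", "cookie", f"{name}: missing SameSite (browser default applies)"))
    return findings


def check_cors(headers: Headers, probe_origin: str) -> List[Finding]:
    """probe_origin is the untrusted Origin the scanner sent with its request."""
    acao = _get(headers, "Access-Control-Allow-Origin")
    if not acao:
        return []
    origin = acao[0].strip()
    creds = any(v.strip().lower() == "true" for v in _get(headers, "Access-Control-Allow-Credentials"))
    if origin == "*":
        # Browsers refuse '*' together with credentials, but the combination still shows intent.
        sev = "high" if creds else "medium"
        return [(sev, "cors", "Access-Control-Allow-Origin: * lets any site read the response")]
    if origin == probe_origin:
        # The server reflected an origin it has no reason to trust.
        sev = "high" if creds else "medium"
        suffix = " with credentials, so cross-site requests carry the victim's cookies" if creds else ""
        return [(sev, "cors", f"reflects untrusted Origin {probe_origin}{suffix}")]
    return []


def scan(headers: Headers, probe_origin: str = "https://attacker.example") -> List[Finding]:
    return check_csp(headers) + check_cookies(headers) + check_cors(headers, probe_origin)


# Constructed sample responses: one weak, one hardened.
WEAK_RESPONSE: Headers = [
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' https:"),
    ("Set-Cookie", "session=abc123; Path=/"),
    ("Access-Control-Allow-Origin", "https://attacker.example"),
    ("Access-Control-Allow-Credentials", "true"),
]
HARDENED_RESPONSE: Headers = [
    ("Content-Security-Policy", "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Access-Control-Allow-Origin", "https://app.example"),
    ("Access-Control-Allow-Credentials", "true"),
]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        results = scan(resp)
        print(f"{label}: {len(results)} finding(s)")
        for sev, cat, msg in results:
            print(f"  [{sev}] {cat}: {msg}")
```

Against the weak response the checks return six findings (two for the CSP, three for the cookie, one high-severity CORS reflection) and none against the hardened one. The CORS check needs an active probe: the scanner must send an Origin it controls and see whether the server echoes it, which a purely passive header read cannot tell you.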

Actionable descriptions to help you

Our philosophy is to make security topics more approachable and provide a clear steer on where to focus your efforts.

OWASP findings can be technical and difficult to understand. Although there are only 10 top-line categories of issues, dozens of different things can trigger a finding in each of those categories.

Our plain-language description of each issue and how to fix it gives a helping hand when it comes to solving it.


Why are OWASP Top 10 findings important?

The findings outlined in the OWASP Top 10 are risks that a global consensus of security experts has assessed as the most common weaknesses that get exploited. The OWASP Top 10 covers areas like broken access control, cryptographic failures, injection, and security misconfiguration. Knowing how your ever-changing internet-facing assets stack up against these findings is critical to securing your data.


What’s next for Glasstrail?

This update is an essential step in rounding out our scan functionality. In the coming months, we’ll be including more OWASP Top 10 findings.

Want to see how your domain stacks up against the OWASP Top 10? Start with a free 14-day trial today.