Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 16 May, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

OWASP patches path traversal flaw

The Open Web Application Project has fixed a vulnerability that could have been abused to run path traversal attacks

by Guru Writer
May 5, 2022
in Cyber Bites
computer screen displaying code
Share on FacebookShare on Twitter

The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks.

The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 2.3.0.0 release.

Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one in terms of ease of exploration and potential impact, it highlights an important point related to web and API security:

“There is no 100% security. It is very easy to write vulnerable code especially when it comes to web and API services – if it happens to OWASP – a world leading authority in the domain of web security, it can definitely happen to any of us. That doesn’t mean the OWASP did anything wrong of course, however if you come to this realization its also obvious that a single security control will never be enough, and as many layers will be added to secure your web services the less chances a vulnerable condition may occur.”

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

1000s of phishing emails sent from NHS inboxes

Next Post

One Identity Guest Blog – The password checklist

Recent News

man looking sad

Security pros say their mental health has declined

May 13, 2022
@ symbol

NCSC launches free email security check

May 12, 2022
warning colours

Five Eyes urges organisations to secure supply chains

May 12, 2022
industrial lab

CNI firms see cyberattack surge

May 11, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information