
Addressing the OWASP Top 10 Application Security Risks with Web Application Isolation: #4 Insecure Design

Posted on July 27, 2022

Insecure Design is a newer category of risk that debuted in 2021 as #4 on the OWASP Top 10 list. It is a very broad category that covers a range of design flaws that result in missing or ineffective controls. In its introduction to this risk, OWASP stresses that because defects in design cannot be fixed by rigorous implementation, secure development lifecycles are essential when designing new apps.

But here’s the catch: Existing apps may not have been developed with secure development lifecycles in mind. They may have designed-in weaknesses and flaws, such as error messages that expose sensitive data, or insufficiently protected storage of data or credentials. Until these apps can be redesigned, securing them is essential.

To illustrate the risk posed by Insecure Design, I subject the fictional Juice Shop that I created on the HyperQube test platform to yet another attack. In this short demo, I manipulate the source code to change session storage values and the tokens that the application uses. Ericom Web Application Isolation (WAI), an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats, provides controls and policies that can secure apps immediately, as soon as a design flaw is uncovered. In this case, that means blocking session storage data visibility from prying eyes – and itchy trigger fingers.

Check out the demo right here to see how it’s done:


About Dr. Chase Cunningham

Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for Ericom’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.
