
Addressing the OWASP Top 10 Application Security Risks with Web Application Isolation: #1 Broken Access Control

Posted on July 20, 2022

I recently created a fictional Juice Shop to demonstrate an innovative isolation-based solution for protecting web applications from the most dangerous threats, as ranked in the OWASP Top 10. The Juice Shop app, which I built on the HyperQube test platform, is designed to be super vulnerable – with “as many holes as Swiss cheese.”

In the short demo below, the first of a series in which I attack my own Juice Shop in various ways, I present a scenario for “Broken Access Control” – #1 in OWASP’s 2021 list.

Without proper protection, an application is exposed to directory traversal attacks, in which a threat actor simply modifies the URL to bypass security controls and reach files and directories that the application’s backend exposes. This is one of the most common attacks enabled by broken access control, and it is among the easiest ways to gain access to files on the server running an application; once in, an attacker can steal data, modify files, or find other valuable information exposed on the application’s backend.
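To make the traversal scenario concrete from the defender’s side, here is an added example (written for this article, not Ericom’s product code or the Juice Shop demo) of the two controls a backend should apply before serving a file from a URL path: repeated percent-decoding plus segment normalization, and a containment check that the resolved path is still under the web root. The web root `/srv/juice-shop/public`, the request paths and the access-log lines are all constructed sample values.

```python
"""Path-confinement and traversal-detection example for the broken access
control scenario above. Illustrative code; the web root, request paths and
log lines are constructed for this example."""
import os
import re
from typing import List, Optional
from urllib.parse import unquote

WEB_ROOT = "/srv/juice-shop/public"  # assumed web root (constructed)


def decode_path(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded), so double encoding such as
    %252e%252e cannot smuggle '..' past a single decode. Backslashes are
    folded to '/' because some servers treat both as separators."""
    decoded = raw
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def resolve_request_path(web_root: str, request_path: str) -> Optional[str]:
    """Map a URL path onto the filesystem, or return None to refuse it.

    Refuses explicit '..' segments outright (that is the traversal attempt
    itself, worth logging rather than silently collapsing), and then applies
    a containment check as defence in depth.
    """
    decoded = decode_path(request_path)
    if "\x00" in decoded:  # NUL bytes can truncate paths in some runtimes
        return None
    segments = [s for s in decoded.split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    root = os.path.normpath(web_root)
    candidate = os.path.normpath(os.path.join(root, *segments)) if segments else root
    # commonpath is the robust containment test; a plain startswith() would
    # accept "/srv/juice-shop/public-old" as being inside the web root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed access-log lines in common log format (sample data, not real traffic).
LOG_SAMPLE = [
    '10.0.0.5 - - [20/Jul/2022:10:00:01 +0000] "GET /images/juice.png HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/Jul/2022:10:00:02 +0000] "GET /ftp/../../etc/passwd HTTP/1.1" 200 1834',
    '10.0.0.9 - - [20/Jul/2022:10:00:03 +0000] "GET /ftp/%2e%2e/%2e%2e/etc/shadow HTTP/1.1" 403 0',
]

_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_traversal_in_log(lines: List[str], web_root: str = WEB_ROOT) -> List[str]:
    """Return the request paths that the confinement logic would refuse.

    Useful as a detection pass over existing logs: a refused path that was
    answered with 200 means the application served it at the time."""
    flagged = []
    for line in lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1).split("?", 1)[0]  # drop the query string
        if resolve_request_path(web_root, path) is None:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    for p in ["/images/juice.png", "/../../etc/passwd", "/%252e%252e/etc/passwd"]:
        print(p, "->", resolve_request_path(WEB_ROOT, p))
    print("flagged:", flag_traversal_in_log(LOG_SAMPLE))
```

The refuse-on-`..` rule is deliberate: normalizing `../../etc/passwd` against the root would quietly turn it into `etc/passwd` under the web root, which is safe but hides the attempt from your logs. The same `resolve_request_path` check serves both as the runtime guard and as the detector over historical access logs.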

Ericom Web Application Isolation (WAI) is an innovative cloud-delivered security solution that isolates web/cloud applications and their APIs from cyber-threats – think of it as a “next-gen” WAF solution. WAI can be used to apply policy-based restrictions that control which links a user can reach, and what actions they can – and cannot – take. But don’t take our word for it. Check out the demo below!



About Dr. Chase Cunningham

Creator of the Zero Trust eXtended framework and a cybersecurity expert with decades of operational experience in NSA, US Navy, FBI Cyber, and other government mission groups, Chase is responsible for Ericom’s overall strategy and technology alignment. Chase was previously VP and Principal Analyst at Forrester Research; Director of Threat Intelligence for Armor; Director of Cyber Analytics for Decisive Analytics; and Chief Cryptologic Technician, US Navy. He’s author of the Cynja series and Cyber Warfare: Truth, Tactics, and Strategies.
