SecurityWorldMarket

10/01/2018

Dahua stresses the relevance of OWASP list for security industry

Hangzhou, China

The Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organisation dedicated to improving the security of software, has released the latest 2017 OWASP Top 10 last month. This list, produced every four years since 2003 consists of the ten most critical web application security risks and is complied with the aim of keeping pace with the ever higher demands on cyber security and interconnected operating systems.

The 2017 OWASP Top 10 list is based on the examination of over 2.3M vulnerabilities which have impacted 50,000 applications, and contains two large-scale vulnerability updates and updated attack scenarios. It serves as a standard guide of potential issues or all types of users, including those from the security industry since most video surveillance applications involve viewing of video over LAN/WAN using web browser while IP cameras and recorders have a web interface to initialize and configure the devices.

Among the Top 10 risks on the list, most of the known cyber security problems in security products can be linked to 5 entries (A2, A3, A5, A6, A9), including Broken Authentication and Session Management, Sensitive Data Exposure, Broken Access Control, Security Misconfiguration and Using Components with Known Vulnerabilities.

To cope with the aforementioned cyber security risks, Dahua Technology, the leading solution provider in the global video surveillance industry, is has already taken the following measures:

Dahua plans to strengthen system authentication on access control too. Almost every IP video device has authentication in place but weak or broken authentication can be exploited by attackers to gain control of the device. Likewise with broken access control, where restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorised functions and/or data, such as accessing other users' accounts, viewing sensitive files, modifying other users’ data, change access rights and so on.


Product Suppliers
Back to top