The 2017 OWASP Top 10 list is based on the examination of over 2.3M vulnerabilities which have impacted 50,000 applications, and contains two large-scale vulnerability updates and updated attack scenarios. It serves as a standard guide to potential issues for all types of users, including those from the security industry, since most video surveillance applications involve viewing video over LAN/WAN using a web browser, while IP cameras and recorders have a web interface to initialize and configure the devices.
Among the Top 10 risks on the list, most of the known cyber security problems in security products can be linked to 5 entries (A2, A3, A5, A6, A9): Broken Authentication and Session Management, Sensitive Data Exposure, Broken Access Control, Security Misconfiguration and Using Components with Known Vulnerabilities.
To cope with the aforementioned cyber security risks, Dahua Technology, the leading solution provider in the global video surveillance industry, has already taken the following measures:
Dahua plans to strengthen system authentication on access control too. Almost every IP video device has authentication in place, but weak or broken authentication can be exploited by attackers to gain control of the device. The same applies to broken access control, where restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorised functions and/or data, such as accessing other users' accounts, viewing sensitive files, modifying other users' data, changing access rights and so on.