How is Insufficient Attack Protection a Definite Threat/Risk to an Organization?
Recently, OWASP introduced two new categories, as of April 2017, to its OWASP Top 10:
- Insufficient Attack Protection
- Unprotected APIs
I understand that Unprotected APIs does pose an immediate risk, which involves providing a huge attack surface along with possibilities of data leakage; however, I fail to understand how Insufficient Attack Protection is any threat or risk as a category.
To sharpen my focus, I would summarize, quoting from scamdemy:
> Insufficient Attack Protection refers to the inability to detect, prevent and respond to various kinds of attacks against the application as a whole. This – due to the large number of unaudited third-party components that may contain critical vulnerabilities – necessitates the use of generic security tools such as intrusion detection systems (IDS), and web application firewalls (WAF) that can identify an ongoing attack such as SQL injection. It focuses on the consequences instead of the root causes of the weaknesses.
Does this imply that having a WAF set up is directly connected to having a great attack surface area without the presence of firewalls? If the absence of a component is an immediate categorization need on the OWASP Top 10, I am not sure how others aren’t affected by the same.
e.g. by not having a WAF, certain levels of injection(s) will be evident, given that there is a flaw in the application code.
Do I presume this is a move for the security audit team to market their firewall products, keeping the OWASP Top 10 as a reference? Or was it really technically necessary?
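As an added example (not part of the question, nor OWASP's or any vendor's code), here is the "detect, prevent and respond" idea from the quoted definition applied inside the application itself rather than in a separate WAF: a hypothetical `AttackProtection` class flags parameter values that match a few illustrative injection heuristics, logs the first probes from a client, and blocks that client after a threshold. The pattern list, the threshold and the sample requests are constructed for the example.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Illustrative heuristics only (constructed); a real ruleset is far larger.
INJECTION_PATTERNS = [
    re.compile(r"('|%27)\s*(or|and)\s+\d+\s*=\s*\d+", re.I),  # tautology probe
    re.compile(r"union\s+(all\s+)?select", re.I),            # UNION-based probe
    re.compile(r"--|/\*|;\s*drop\s", re.I),                  # comments / stacked statements
]
BLOCK_THRESHOLD = 3  # suspicious requests from one client before it is blocked


@dataclass
class AttackProtection:
    hits: dict = field(default_factory=lambda: defaultdict(int))
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def detect(self, raw_value: str) -> bool:
        """Detect: True if a parameter value matches an injection heuristic."""
        return any(p.search(raw_value) for p in INJECTION_PATTERNS)

    def handle(self, client: str, params: dict) -> str:
        """Return the decision for one request: 'allow', 'log' or 'block'."""
        if client in self.blocked:
            return "block"  # prevent: a blocked client gets nothing further
        if any(self.detect(v) for v in params.values()):
            self.hits[client] += 1
            if self.hits[client] >= BLOCK_THRESHOLD:
                self.blocked.add(client)  # prevent: escalate to a block
                self.alerts.append(f"ALERT client={client} blocked after {self.hits[client]} probes")
                return "block"
            self.alerts.append(f"WARN client={client} suspicious params={params}")
            return "log"  # respond: record the probe, let this request through
        return "allow"


def run_sample() -> tuple:
    """Replay constructed traffic; return (decisions per request, alerts raised)."""
    protection = AttackProtection()
    requests = [  # (client, query parameters) - constructed sample traffic
        ("10.0.0.5", {"id": "42"}),
        ("10.0.0.9", {"id": "1' OR 1=1"}),
        ("10.0.0.9", {"q": "x' UNION SELECT 1,2--"}),
        ("10.0.0.9", {"id": "2; DROP TABLE t"}),
        ("10.0.0.9", {"id": "7"}),
        ("10.0.0.5", {"id": "43"}),
    ]
    return [protection.handle(c, p) for c, p in requests], protection.alerts
```

The point of the exercise is that the legitimate client (10.0.0.5) is never affected, while the probing client is first logged and then cut off, which is the behaviour the category asks an application to exhibit regardless of whether a dedicated WAF is deployed.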