Vulnerability Management

Products

System & Network Scanning

Find vulnerabilities in your entire infrastructure

Web Application Scanning

Find vulnerabilities in your web apps and APIs

Phishing & Awareness Training

Increase resilience against social engineering

Distribution Options

Cloud

Efficient and secure in the cloud

On-premise

Installed in your infra with local storage

Professional services

Success Program

Let our experts help you become successful

Penetration testing

Automated pen-testing

PCI DSS compliance

Meet compliance demands

Vulnerability Management Platform

Holm Security VMP

Take your tour
Solutions

Business needs

Industries

Compliance

Resources
Customers
Pricing
Partner

Information

Partner solutions

About us
Login

Security Center

Organizer

Start your trial account

System & Network Scanning

Systems, IoT, OT, SCADA etc.

Web App Scanning

All web apps and APIs.

Phishing Simulation

Build your human firewall.
Delivery option

Cloud
Delivery option

On-premise
Start your trial account

Pen. testing

Premium support

PCI compliance

Solutions

Resources

Partner

Pricing

About us

Pen. testing

Premium support

PCI compliance

Solutions

Business needs
AWS (Amazon Web Services)
COVID-19
IoT (Internet of Things)
Microsoft Azure
MSSP, MSP & SP (Service Providers)
OT, ICS, SCADA & PLC
SIEM integration
Social Engineering
Threat Intelligence
VAPT
Work from Home (WFH)
Risk Posture & Assessment
Risk-based Vulnerability Management
Industries
Education
Energy sector
Healthcare
Municipality
Retail & e-commerce
Shipping & maritime
Compliance
GDPR
HIPAA
ISO/IEC 27001
NIS
OWASP top 10
PCI DSS
Personal Data Protection Act
Personal Data Protection Bill
PSD2 (Payment Service Directive 2)
RMiT
SOX

Resources

Webinars
Blog
Customers
Support pages

Partner

Information
Become a partner
Partner Solutions
MSSP Partner Program
Managed SaaS

Pricing

About us

Our story
Join us
Management Team
Board
Contact

COMPLIANCE

OWASP top 10

The Open Web Application Security Project (OWASP) is a non-profit organization that was founded in 2001 and runs several different projects that promote security in applications. The organization is located all over the world and has over 30,000 members. 

The Open Web Application Security Project

One of OWASP's significant projects is OWASP top 10. This list was published for the first time in 2003 and is updated regularly. The latest version was released in 2018 and is called OWASP top 10 version 2017. The goal of the list is to raise awareness of application security by highlighting some of the most critical risks in web applications that organizations face.

According to the top 10 list, organizations ensure good security by scanning web applications such as websites, intranets, extranets, portals, and other web-based services for vulnerabilities.

Reports

Create reports that demonstrate compliance with OWASP top 10 version 2017.

Secure web applications

Make sure no vulnerabilities exist in your web applications with our service Web Application Scanning. 

Assess

With our support, we will help you understand all of your vulnerability exposures.

OWASP top 10 categories

A1: Injection

Injection attacks happen when untrusted data is sent to a code interpreter through a form input or some other data submission to a web application.

A2: Broken Authentication

Vulnerabilities in authentication systems can give attackers access to accounts and even the ability to compromise an entire system using an admin account.

A3: Sensitive Data Exposure

Sensitive data exposure occurs when an application, company, or other entity inadvertently exposes personal data.

A4: XML External Entities (XXE)

An XML parser can be duped into sending data to an unauthorized external entity, which can pass sensitive data directly to an attacker.

A5: Broken Access Control

Broken access controls allow attackers to bypass authorization and perform tasks as though they were privileged users such as administrators.

A6: Security Misconfiguration

On this list, security misconfiguration is the most common vulnerability. Is often the result of using default configurations or displaying verbose errors.

A7: Cross-Site Scripting (XSS)

Cross-site scripting vulnerabilities occur when web applications allow users to add custom code into a URL path or onto a website that will be seen by other users.

A8: Insecure Deserialization

Insecure deserialization exploit is the result of deserializing data from untrusted sources and can result in serious consequences like DDoS attacks and remote code execution attacks.

A9: Using Components with Known Vulnerabilities

Attackers can find security holes in components that could leave hundreds of thousands of sites vulnerable to exploitation.

A10: Insufficient Logging and Monitoring

Many web applications are not taking enough steps to detect data breaches. OWASP recommends implementing logging and monitoring of applications.