The Open Web Application Security Project (OWASP) has patched a vulnerability in its Enterprise Security API (ESAPI) that, if neglected, could have been abused to run path traversal attacks.

The flaw, which had a security severity rating of 7.5 out of 10 and involved the ESAPI validator interface, can be resolved by applying the patched 2.3.0.0 release.

Yaniv Balmas, VP of Research at Salt Security, notes that while the vulnerability is a relatively moderate one in terms of ease of exploitation and potential impact, it highlights an important point related to web and API security:

“There is no 100% security. It is very easy to write vulnerable code, especially when it comes to web and API services – if it happens to OWASP – a world-leading authority in the domain of web security, it can definitely happen to any of us. That doesn’t mean OWASP did anything wrong, of course; however, if you come to this realization it’s also obvious that a single security control will never be enough, and the more layers that are added to secure your web services, the lower the chance that a vulnerable condition may occur.”

The post OWASP patches path traversal flaw appeared first on IT Security Guru.

