Managing OWASP Top 10 2017 in GeneXus Applications
A6:2017 - Security Misconfiguration
This documentation is valid for:
OWASP Documentation
Actions by GeneXus
GeneXus takes no action on the production environment.
Actions by Developers
Some GeneXus properties can disable controls. Inspect the property values manually before deploying.
Set the JavaScript Debug Mode property to No.
Security Scanner helps detect this scenario with case code #106.
Keep the server's software updated.
Avoid installing unnecessary functionality on the server.
Set proper permissions on the application web directories. Check the permissions given to the application Temp directories (see the Temp media directory and Blob Local Storage Directory properties).
Grant the database user only the minimum permissions needed.
Application server and framework hardening is recommended.
Change the default cipher keys. Random key generation is advised.
Use different cipher keys for each application.
There must not be any development/test credentials in the production environment.
Security Scanner - Detections:
Communication: HTTP Protocol (#105), HttpResponse data type usage (#109).
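
The directory permission checks in the list above can be scripted as a pre-deploy audit. This is an added example, not GeneXus or Security Scanner code; it assumes a POSIX host, and its rules (no world-writable entries anywhere; no access for other users and no executable files in temp or blob storage) are one reading of "proper permissions", not settings stated on this page. The names `audit_tree` and `temp_dir` are chosen here.

```python
import os
import stat
import tempfile


def audit_tree(root, temp_dir=False):
    """Return sorted (path, finding) pairs for permission problems under root.

    temp_dir=False: application web directory.
    temp_dir=True:  temp media / blob storage directory (stricter rules).
    The rules are assumptions of this example, not values from GeneXus.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
            if not temp_dir:
                continue
            if mode & (stat.S_IROTH | stat.S_IXOTH):
                findings.append((path, "readable or traversable by other users"))
            if stat.S_ISREG(st.st_mode) and mode & 0o111:
                findings.append((path, "executable file in temp storage"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed demo: a throwaway web directory with one world-writable page.
    web = tempfile.mkdtemp()
    page = os.path.join(web, "page.html")
    open(page, "w").close()
    os.chmod(page, 0o666)
    for path, finding in audit_tree(web):
        print(f"{finding}: {path}")
```

Run it against the deployed web directory with the default mode, and against the directories named by the Temp media directory and Blob Local Storage Directory properties with `temp_dir=True`.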
CREATED: 3 JULY 2018 07:08 PM - UPDATED: 4 MARCH 2021 06:26 PM BY SGRAMPONE