This post is a continuation from my first Developer Blog post “PCI Check Up” – outlining the OWASP Top 10 web security vulnerabilities. We keep these security vulnerabilities in mind as we build out our own payments platform and provide integration points to our partner developers. In this post, I will review the number 9 OWASP web security vulnerability.
The number 9 vulnerability is Using Components with Known Vulnerabilities. Most modern web applications take advantage of third-party libraries or frameworks that facilitate application development. If those third-party components have vulnerabilities in them, then by extension any application that uses those components have security vulnerabilities. It seems fairly obvious, but many developers simply lose site of this concern.