Snyk Top 10

At Snyk, we think that every developer that’s serious about security should be familiar with the OWASP Top 10 to ensure that their applications are safe from bad actors. And to help those security-conscious developers further, we will be releasing a series of Snyk Top 10 lists based on the data available to us from scans run by our users. In this Learning Path, we’ll be taking a look at the Snyk Top 10 Open Source Vulnerabilities. It’s important to note that we’re looking at specific vulnerability types, not grouping them as OWASP does.


Denial of service

Denial of service (DoS) attacks are used to shut down access to a network or server by bombarding the target with so many requests that it is unable to process the load. Both Google and AWS experienced large-scale DoS attacks recently, but this type of attack isn’t reserved for major cloud providers.

Remote code execution

These attacks occur when a bad actor is able to run commands on a system from a remote location that they shouldn’t have access to. RCEs can occur in a few ways, including through the use of malware or by exploiting a vulnerable library that hasn’t been patched. The vulnerability lets an attacker run code of their choosing on the server or application.

Deserialization of untrusted data

Deserialization of untrusted data occurs when an application deserializes untrusted data without sufficiently verifying that the resulting object will be valid, allowing the attacker to control the state or the flow of execution. A Java deserialization vulnerability occurs when a malicious user inserts a modified serialized object into the system in order to compromise the system or its data.

SQL injection

SQL injection is a vulnerability that arises when an application takes input from the user without validating it and passes it on to the database to process. This allows an attacker to add untrusted data to a database query. For instance, when filling in a web form, a SQL injection could allow an attacker to craft user input that steals valuable data, bypasses authentication, or corrupts records.

Prototype pollution

This is a vulnerability affecting JavaScript, and it refers to the ability to inject properties into the prototypes of existing JavaScript language constructs, such as objects. JavaScript allows the attributes of any Object to be altered, including those of the base object’s prototype. An attacker manipulates these attributes to overwrite (pollute) the prototype of the application’s base object by injecting their own values, which every object inheriting from that prototype then picks up.
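To make the mechanism concrete, here is an added example (not code from the Snyk page): a recursive merge of the kind found in many JavaScript helpers, which walks into a `__proto__` key and writes onto `Object.prototype`, beside a hardened version that refuses prototype-related keys. The payload is constructed for the demonstration, shaped the way a JSON request body would arrive after `JSON.parse`.

```javascript
// Unsafe: copies every own key of `source` into `target`. When `source` has an
// own key named "__proto__", target["__proto__"] resolves to Object.prototype,
// so the recursive call writes the attacker's values onto the shared prototype.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object') {
      if (!target[key]) target[key] = {};
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: keys that can reach the prototype chain are skipped, and nested
// targets are only reused when they are the target's own plain-object properties.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: JSON.parse creates an own property literally named
// "__proto__" rather than setting the object's prototype.
const PAYLOAD = JSON.parse('{"name":"alice","__proto__":{"isAdmin":true}}');

// Runs one merge into a fresh config object and reports whether an unrelated,
// newly created object now sees the injected property. Cleans up afterwards so
// repeated runs start from an unpolluted prototype.
function pollutes(mergeFn) {
  mergeFn({}, PAYLOAD);
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;
  return polluted;
}
```

A detection check of the same shape (asserting that `({}).isAdmin` is `undefined` after merging untrusted input) makes a useful unit test for any object-merging helper in a codebase.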

Insecure temporary file

Insecure temporary files are, well, exactly what they sound like. With this type of vulnerability, temporary files containing sensitive information are created with incorrect permissions or in folders that lack proper permissions. This falls under the class of vulnerability that OWASP refers to as broken access control.

Directory/path traversal

A directory traversal (a.k.a. path traversal) attack aims to access files and directories that are stored outside the intended folder. By manipulating file paths with "dot-dot-slash" (../) sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the filesystem, including application source code, configuration, and other critical system files.

Privilege escalation

Privilege escalation is another type of what OWASP calls broken access control. In this case, an attacker bypasses access controls to gain increased permissions on a resource.

Regular expression denial of service (ReDoS)

Regular expression denial of service (ReDoS) vulnerabilities are a type of DoS attack. Regular expressions (regex) are incredibly powerful, but they aren't very intuitive and can end up making it easy for attackers to take your site down. The goal of the attack is to bog down the target server by feeding a poorly written regex a crafted input that takes an extremely long time to evaluate.

NULL pointer dereference

And finally, the 10th most frequently found high/critical vulnerability found during Snyk scans was null pointer dereference. Additionally, this was the top high/critical vulnerability in Go as well as one of the most common vulnerabilities in C and C++. This vulnerability occurs when an application attempts to dereference a pointer that it expects to be valid but finds a null value instead, which causes a crash. That crash is the denial of service flaw.