The goal of every penetration test is to identify the possible weak spots in applications, servers, or networks: weak spots that could give an attacker an opportunity to gain sensitive information or privileged access. The reason to detect such vulnerabilities is not only to know that they exist and calculate the risk attached to them, but also to make an effort to mitigate them or reduce them to the minimum risk level.
In this chapter, we will take a look at some examples and recommendations on how to mitigate the most critical web application vulnerabilities according to OWASP, as listed at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.