Template:Top 10 2010:ByTheNumbers

From OWASP
Jump to: navigation, search

Usage:

 {{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}
<!-- the 'type=short' is opional (used for '+RF') --->


Example:

 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 {{Top_10_2010:ByTheNumbers|2|year=2013}}             <!-- Default-Language = English --->
 {{Top_10_2010:ByTheNumbers|2|language=de}}           <!-- Default-Year = 2010 --->
 {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}  <!-- Type = short --->


Number English 2010 German 2010 English 2013 German 2013 English 2017
1 Injection Injection Injection Injection Injection
2 Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Broken Authentication
3 Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Sensitive Data Exposure
4 Insecure Direct Object References Unsichere direkte Objektreferenzen Insecure Direct Object References Unsichere direkte Objektreferenzen XML External Entities (XXE)
5 Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Broken Access Control
6 Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Sensitive Data Exposure Verlust der Vertraulichkeit sensibler Daten Security Misconfiguration
7 Insecure Cryptographic Storage Kryptografisch unsichere Speicherung Missing Function Level Access Control Fehlerhafte Autorisierung auf Anwendungsebene Cross-Site Scripting (XSS)
8 Failure to Restrict URL Access Mangelhafter URL-Zugriffsschutz Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Insecure Deserialization
9 Insufficient Transport Layer Protection Unzureichende Absicherung der Transportschicht Using Components with Known Vulnerabilities Benutzen von Komponenten mit bekannten Schwachstellen Using Components with Known Vulnerabilities (short: Vulnerable Components)
10 Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Insufficient Logging&Monitoring
11 In Progress In Arbeit In Progress In Arbeit In Progress