User talk:T.Gigler

From OWASP
Jump to: navigation, search

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 21:42, 30 January 2013 (UTC)




Everything below this line is test wiki markup and should be ignored.



{{LinkBar |useprev=2013PrevHeaderTabDeveloperEdition |prev=A6-Verlust der Vertraulichkeit sensibler Daten |lblprev=JAVA2 |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}


« JAVA2   JAVA2 »


    JAVA2 »
Design-Test
This Page has is up to date, but it may need a nicer design! Please help OWASP to FixME.

Tests with the 'Time' functon:
27.08.2014: Year = 2014
2014-08-28: 2014-Aug-28



FIRST DRAFT for Cheat Sheets:


Cheatsheets-header.jpg
Cheat Sheet

Last revision (mm/dd/yy): 09/30/2017

Introduction

1st box

Rules

2nd box

Example: Description
#example commands

Example Output


Related Articles

3rd box

Authors and Primary Editors

4th box

Other Cheatsheets


Top 10: Top Table Test

Threat Agents / Attack Vectors Security Weakness Impacts
App Specific Exploitability
DIFFICULT
Prevalence
UNCOMMON
Detectability
AVERAGE
Impact
SEVERE
Business ?

Even anonymous attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser.

The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. For data in transit server side weaknesses are mainly easy to detect, but hard for data in rest. Both with very varying exploitability.

Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc.
The business impact depends on the protection needs of your application and data.