Difference between revisions of "Category:Vulnerability"

From OWASP
(11 intermediate revisions by 8 users not shown)
Line 1: Line 1:
'''Application Security Vulnerability Types'''
+
This category is for tagging common types of software vulnerabilities.
  
This category is for common types of software vulnerabilities, both design flaws and implementation bugs. OWASP takes the position that there is no single best taxonomy into which these articles can be organized. Instead, we tag our articles with all the attributes that apply to allow for better searching and sorting.
+
{{Social Media Links}}
 +
 
 +
==What is a vulnerability?== 
 +
<categorytree hideroot="on" style="float:right; clear:right; margin-left:1ex; border:1px solid gray; padding:0.7ex; background-color:white;">Vulnerability</categorytree>
 +
A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application.  The term "vulnerability" is often used very loosely. However, here we need to distinguish [[:Category:Threat|threats]], [[:Category:Attack|attacks]], and [[:Category:Countermeasure|countermeasures]].
  
 
Please '''do not post any actual vulnerabilities''' in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.
 
Please '''do not post any actual vulnerabilities''' in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.
  
{{Template:PutInCategory}}
+
==Examples of vulnerabilities==
 
+
* Lack of input validation on user input
==Vulnerabilities==
+
* Lack of sufficient logging mechanism
We're working on ways to allow you to sort these articles on a single dimesion, such as the associated threat, countermeasure, or impact.
+
* Fail-open error handling
 
+
* Not closing the database connection properly
  
 
For a great overview, check out the [[OWASP Top Ten Project]]. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security.
 
For a great overview, check out the [[OWASP Top Ten Project]]. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security.
  
Every article has a defined structure. Please read the details of [[How To Add a Vulnerability]] before creating a new article.
+
{{Template:PutInCategory}}
  
 +
'''NOTE:''' Before you add a vulnerability, please search and make sure there isn't an equivalent one already. You may want to consider creating a redirect if the topic is the same. Every vulnerability article has a defined structure. Please read the details of [[How To Add a Vulnerability]] before creating a new article.
  
 
[[Category:Article Type]]
 
[[Category:Article Type]]
 +
[[Category:OWASP Honeycomb Project]]
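
Review bot: the rewrite drops the old paragraph stating that OWASP takes the position there is no single best taxonomy and instead tags each article with all the attributes that apply; that sentence is the only explanation on the page of why {{Template:PutInCategory}} is used and why vulnerability articles carry several category tags, so keep it (or a shortened form of it) next to the template in the new text. The new "Examples of vulnerabilities" list also gives four bare labels ("Lack of input validation on user input", "Fail-open error handling", ...) with no wiki links, unlike the [[OWASP Top Ten Project]] and [[How To Add a Vulnerability]] links elsewhere in the same revision; link each item to its article so the list leads readers into the category's content rather than restating names.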

Revision as of 13:29, 9 December 2011

This category is for tagging common types of software vulnerabilities.


What is a vulnerability?

A vulnerability is a hole or a weakness in the application, which can be a design flaw or an implementation bug, that allows an attacker to cause harm to the stakeholders of an application. Stakeholders include the application owner, application users, and other entities that rely on the application. The term "vulnerability" is often used very loosely. However, here we need to distinguish threats, attacks, and countermeasures.

Please do not post any actual vulnerabilities in products, services, or web applications. Those disclosure reports should be posted to bugtraq or full-disclosure mailing lists.

Examples of vulnerabilities

  • Lack of input validation on user input
  • Lack of sufficient logging mechanism
  • Fail-open error handling
  • Not closing the database connection properly

For a great overview, check out the OWASP Top Ten Project. You can read about the top vulnerabilities and download a paper that covers them in detail. Many organizations and agencies use the Top Ten as a way of creating awareness about application security.

How to add a new Vulnerability article

You can follow the instructions to make a new Vulnerability article. Please use the appropriate structure and follow the Tutorial. Be sure to paste the following at the end of your article to make it show up in the Vulnerability category:

[[Category:Vulnerability]]

NOTE: Before you add a vulnerability, please search and make sure there isn't an equivalent one already. You may want to consider creating a redirect if the topic is the same. Every vulnerability article has a defined structure. Please read the details of How To Add a Vulnerability before creating a new article.

Subcategories

This category has the following 23 subcategories, out of 23 total.

Pages in category "Vulnerability"

The following 169 pages are in this category, out of 169 total.