Difference between revisions of "Germany/Projekte/Top 10 fuer Entwickler-2013/Details zu Risiko-Faktoren"

From OWASP
Jump to: navigation, search
m (riskLarge)
m (Navigation angepasst; Überschrift mithilfe 'Top_10_2010:SubsectionColoredTemplate' hinzugefügt)
 
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
{{Top_10_2010_Developer_Edition_De:TopTemplate
+
{{Top_10_2013_DeveloperEdition:TopTemplate
    |useprev=PrevLink_Germany_Projekte
+
  |useprev=2013PrevLinkDeveloperEdition
    |usenext=Nothing
+
  |usenext=Nothing
    |prev=Top 10 fuer Entwickler/{{Top_10:LanguageFile|text=noteAboutRisks|language=de}}
+
  |prev={{Top_10:LanguageFile|text=noteAboutRisks|language=de}}
    |next=
+
  |next=
 +
  |year=2013
 +
  |language=de
 
}}
 
}}
==TEST-TEST TEST -- Seite in Bearbeitung (BAUSTELLE!!) TEST-TEST TEST==
 
  
 +
{{Top_10_2010:SubsectionColoredTemplate
 +
      |{{Top_10:LanguageFile|text=detailsAboutRiskFactors|language=de}}
 +
      ||year=2013
 +
}}
 
{{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=itsAboutRisksNotWeaknesses|language=de}}|width=100%|year=2013}}
 
{{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=itsAboutRisksNotWeaknesses|language=de}}|width=100%|year=2013}}
===!!2013!!=== => Links funktionieren nur für A1, A4 & A10!!! => tbd <!---- temporär --->
 
 
<center>
 
<center>
 
<table style="align:center; border-collapse: collapse; text-align:center; margin: 0px 5px 0px 5px; border: 3px solid #444444;  
 
<table style="align:center; border-collapse: collapse; text-align:center; margin: 0px 5px 0px 5px; border: 3px solid #444444;  
Line 24: Line 28:
 
</tr>
 
</tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}|A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A1-{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}|A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A2 {{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2 {{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A2-{{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2 {{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=2|impact=1|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=2|impact=1|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A3 {{Top_10_2010:ByTheNumbers|3|language=de|year=2013}}|A3 {{Top_10:LanguageFile|text=xssShort|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A3-{{Top_10_2010:ByTheNumbers|3|language=de|year=2013}}|A3 {{Top_10:LanguageFile|text=xssShort|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=1|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=1|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A4 {{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4 {{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>?</b></td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A4-{{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4 {{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A5 {{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5 {{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A5-{{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5 {{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A6 {{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6 {{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A6-{{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6 {{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A7 {{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7 {{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A7-{{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7 {{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A8 {{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8 {{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A8-{{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8 {{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A9 {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9 {{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A9-{{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9 {{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=3|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=3|impact=2|language=de|year=2013}}
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
 
<td style="border: 3px solid #444444"><b>?</b></td></tr>
  
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A10 {{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10 {{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td>
+
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A10-{{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10 {{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
<td style="border: 3px solid #444444;"><b>?</b></td>
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=de|year=2013}}
 
   {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=de|year=2013}}
Line 87: Line 91:
 
* [https://www.owasp.org/index.php/Privacy_Violation  User Privacy]
 
* [https://www.owasp.org/index.php/Privacy_Violation  User Privacy]
 
{{Top_10:SubsectionTableEndTemplate}}
 
{{Top_10:SubsectionTableEndTemplate}}
 
+
{{Top_10_2013_DeveloperEdition:BottomAdvancedTemplate
{{Top_10_2010_Developer_Edition_De:BottomAdvancedTemplate
+
  |type=0
    |type=0
+
  |useprev=2013PrevLinkDeveloperEdition
    |useprev=PrevLink_Germany_Projekte
+
  |usenext=Nothing
    |usenext=Nothing
+
  |prev={{Top_10:LanguageFile|text=noteAboutRisks|language=de}}
    |prev=Top 10 fuer Entwickler/{{Top_10:LanguageFile|text=noteAboutRisks|language=de}}
+
  |next=
    |next=
+
  |year=2013
 +
  |language=de
 
}}
 
}}

Latest revision as of 08:39, 17 July 2013

BAUSTELLE! Hier entsteht das deutsche Wiki der OWASP Top 10 fuer Entwickler-2013

← Anmerkungen zum Risikobegriff
Top 10 fuer Entwickler-2013: Inhaltsverzeichnis

Die Top-10-Risiken

 
Details zu Risiko-Faktoren
Es geht nicht um Schwachstellen, sondern um Risiken
RISIKO Bedrohungsquelle Angriffsvektor Schwachstellen
(Verbreitung)
Schwachstellen
(Auffindbarkeit)
Technische Auswirkung Auswirkung auf das Unternehmen
A1 Injection ? EINFACH HÄUFIG DURCHSCHNITTLICH SCHWERWIEGEND ?
A2 Authentisierung ? DURCHSCHNITTLICH SEHR HÄUFIG DURCHSCHNITTLICH SCHWERWIEGEND ?
A3 XSS ? DURCHSCHNITTLICH AUSSERGEWÖHNLICH HÄUFIG EINFACH MITTEL ?
A4 Unsichere direkte Objektreferenzen? EINFACH HÄUFIG EINFACH MITTEL ?
A5 Fehlkonfiguration ? EINFACH HÄUFIG EINFACH MITTEL ?
A6 Sens. Data ? SCHWIERIG SELTEN DURCHSCHNITTLICH SCHWERWIEGEND ?
A7 Fehlerh. Autorisierung ? EINFACH HÄUFIG DURCHSCHNITTLICH MITTEL ?
A8 CSRF ? DURCHSCHNITTLICH HÄUFIG EINFACH MITTEL ?
A9 Komponenten mit Schwachstellen ? DURCHSCHNITTLICH SEHR HÄUFIG SCHWIERIG MITTEL ?
A10 Ungepr. Weiterltg. ? DURCHSCHNITTLICH SELTEN EINFACH MITTEL ?


Weitere betrachtenswerte Risiken
← Anmerkungen zum Risikobegriff
Top 10 fuer Entwickler-2013: Inhaltsverzeichnis

Die Top-10-Risiken

 

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png