Difference between revisions of "OWASP Top 10/Mapping to WHID"

From OWASP
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Here is a mapping of the [[OWASP Top 10]] entries to the [http://projects.webappsec.org/w/page/13246995/Web-Hacking-Incident-Database WASC Web Hacking Incident Database (WHID)]:
+
Here is a mapping of the [[https://www.owasp.org/index.php/Top_10_2013 | OWASP Top 10 - 2013]] to example real world entries in the [https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project OWASP/WASC Web Hacking Incident Database (WHID)]:
  
 
* A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
 
* A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
* A2: Cross-site Scripting - http://www.google.com/fusiontables/DataSource?snapid=S208907th50
+
* A2: Broken Authentication and Session Management - https://www.google.com/fusiontables/DataSource?snapid=S1536601kboC
* A3: Broken Authentication and Session Management - http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
+
* A3: Cross-site Scripting - https://www.google.com/fusiontables/DataSource?snapid=S856202bP-1
 
* A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz  
 
* A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz  
* A5: Cross-site Request Forgery - http://www.google.com/fusiontables/DataSource?snapid=S203191wChw&pli=1
+
* A5: Security Misconfiguration - http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
* A6: Security Misconfiguration - http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
+
* A6: Sensitive Data Exposure - http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
* A8: Failure to Restrict URL Access - http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
+
* A7: Missing Function Level Access Control - http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
* A9: Insufficient Transport Layer Protection - http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
+
* A8: Cross-site Request Forgery - https://www.google.com/fusiontables/DataSource?snapid=S856204sdBi
 +
* A9: Using Components with Known Vulnerabilities - https://www.google.com/fusiontables/DataSource?snapid=S1536701c0JG
 
* A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5
 
* A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5
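
Review bot: The added intro line puts an external URL inside double-bracket internal-link syntax with a pipe, "[[https://www.owasp.org/index.php/Top_10_2013 | OWASP Top 10 - 2013]]", and the latest revision renders it as "[| OWASP Top 10 - 2013]" with no usable link. Use the single-bracket external form with a space separator, "[https://www.owasp.org/index.php/Top_10_2013 OWASP Top 10 - 2013]", which is the form the WHID link on the same line already uses. The added list entries also mix schemes: A2, A3, A8 and A9 use https:// while A5, A6 and A7 use http:// for the same Fusion Tables host, so it would be worth making them all https://.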

Latest revision as of 14:50, 12 March 2015

Here is a mapping of the [| OWASP Top 10 - 2013] to example real world entries in the OWASP/WASC Web Hacking Incident Database (WHID):