Difference between revisions of "Top 10 2010-A4-Insecure Direct Object References"

From OWASP
Jump to: navigation, search
(Replaced content with 'ASVS')
Line 1: Line 1:
{{Top_10_2010:TopTemplate|usenext=NextLink|next=-Broken Authentication and Session Management|useprev=PrevLink|prev=-Cross Site Request Forgery|usemain=MainLink|main=}}
+
[[http://www.owasp.org/index.php/ASVS#tab=Download|ASVS]]
 
+
<center>
+
{| style="align:center; text-align:center; border:2px solid #4F81BD; background-color:#F2F2F2;"
+
|- style="background-color: #4F81Bd; color: #000000;"
+
! Threat Agents !! Attack Vectors !! Security Weakness !! Weakness Detectability !! Technical Impact !! Business Impacts
+
|-
+
| style="background-color: #D9D9D9; color: #000000;" | ______
+
| style="background-color: #FF0000; color: #000000;" | Exploitability<br>EASY
+
| style="background-color: #FFB200; color: #000000;" | Prevalence<br>COMMON
+
| style="background-color: #FFB200; color: #000000;" | Detectability<br>AVERAGE
+
| style="background-color: #FF0000; color: #000000;" | Impact<br>SIMPLE
+
| style="background-color: #D9D9D9; color: #000000;" | ______
+
|-
+
|
+
|
+
|
+
|
+
|
+
|
+
|}
+
</center>
+
 
+
{{Top_10_2010:SubsectionVulnerableTemplate|Injection|a}}
+
{{Top_10_2010:SubsectionPreventionTemplate|Injection|b}}
+
{{Top_10_2010:SubsectionExampleTemplate|Injection|c}}
+
{{Top_10_2010:SubsectionReferencesTemplate|Injection|d}}
+
 
+
 
+
{{Top_10_2010:BottomTemplate|usenext=NextLink|next=-Broken Authentication and Session Management|useprev=PrevLink|prev=-Cross Site Request Forgery|usemain=MainLink|main=}}
+

Revision as of 19:42, 18 April 2010

[[1]]