Difference between revisions of "Top 10 2010-Main"

From OWASP
(Created page with '{{Top_10_2010:TopTemplate|usenext=NextLink|next=-Broken Authentication and Session Management|useprev=PrevLink|prev=-Cross Site Request Forgery|usemain=MainLink|main=}} == OWAS…')
 
Line 5: Line 5:
 
{| cellspacing="1" cellpadding="1" border="1" width="95%"
 
{| cellspacing="1" cellpadding="1" border="1" width="95%"
 
|-
 
|-
| A1-Injection<br>
+
| [[Top_10_2007-A1|A1-Injection]
| <br>
+
|Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
 
|-
 
|-
 
| A2-Cross Site Scripting (XSS)<br>  
 
| A2-Cross Site Scripting (XSS)<br>  
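
Review bot: The added A1 link cell, `| [[Top_10_2007-A1|A1-Injection]`, opens with `[[` but closes with a single `]`, so the wiki link is unterminated; close it with `]]`. The link target is also the 2007 page (`Top_10_2007-A1`) while this is the 2010 list, so confirm whether it should point at the 2010 A1 page instead.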

Revision as of 17:08, 15 April 2010

OWASP Top 10 Application Security Risks 2010

A1-Injection: Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.

A2-Cross Site Scripting (XSS)

A3-Broken Authentication and Session Management

A4-Insecure Direct Object References

A5-Cross Site Request Forgery (CSRF)

A6-Security Misconfiguration

A7-Failure to Restrict URL Access

A8-Unvalidated Redirects and Forwards

A9-Insecure Cryptographic Storage

A10-Insufficient Transport Layer Protection


© 2002-2010 OWASP Foundation. This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved.