Difference between revisions of "Top 10 2010-Main"

From OWASP
(OWASP Top 10 Application Security Risks 2010)
Line 5: Line 5:
 
{| cellspacing="1" cellpadding="1" border="1" width="95%"
 
{| cellspacing="1" cellpadding="1" border="1" width="95%"
 
|-
 
|-
| [[Top_10_2007-A1|A1-Injection]]
+
| [[Top_10_2010-A1|A1-Injection]]
 
|Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
 
|Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
 
|-
 
|-
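Review bot: The A1 row is the only link target this hunk changes (Top_10_2007-A1 to Top_10_2010-A1), so the other rows of the same table should be checked for leftover Top_10_2007-* targets and corrected in the same revision if any remain. The edit summary gives only the section name; a short note that a link target was changed would make the revision history easier to audit.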

Revision as of 17:20, 15 April 2010

OWASP Top 10 Application Security Risks 2010

A1-Injection: Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.

A2-Cross Site Scripting (XSS)

A3-Broken Authentication and Session Management

A4-Insecure Direct Object References

A5-Cross Site Request Forgery (CSRF)

A6-Security Misconfiguration

A7-Failure to Restrict URL Access

A8-Unvalidated Redirects and Forwards

A9-Insecure Cryptographic Storage

A10-Insufficient Transport Layer Protection


© 2002-2010 OWASP Foundation. This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved.