Top 10 2010-Main

From OWASP
Revision as of 17:08, 15 April 2010 by Neil Smithline (talk | contribs)

Jump to: navigation, search

NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.

««««
Top 10 Introduction
Top 10 Risks
»»»»

OWASP Top 10 Application Security Risks 2010

A1-Injection Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
A2-Cross Site Scripting (XSS)

A3- Broken Authentication and Session Management

A4-Insecure Direct Object References

A5-Cross Site Request Forgery (CSRF)

A6-Security Misconfiguration

A7-Failure to Restrict URL Access

A8-Unvalidated Redirects and Forwards

A9-Insecure Cryptographic Storage

A10-Insufficient Transport Layer Protection


««««
Top 10 Introduction
Top 10 Risks
»»»»

© 2002-2010 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png