Difference between revisions of "Top 10 2013-A1-Injection"

From OWASP
Jump to: navigation, search
m (moved Top 10 2013-Injection to Top 10 2013-A1: Incorrectly named)
Line 1: Line 1:
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
{{Top_10_2013:TopTemplate|usenext=2013NextLink|next=A2-Cross-Site Scripting (XSS)|useprev=2013PrevLink|prev=Main}}
+
{{Top_10_2013:TopTemplate
 +
    |usenext=2013NextLink
 +
    |next={{Top_10_2010:ByTheNumbers
 +
              |2
 +
              |year=2013}}
 +
    |useprev=2013PrevLink
 +
    |prev=Main
 +
}}
  
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
Line 15: Line 22:
 
{{Top_10_2010:SummaryTableEndTemplate}}
 
{{Top_10_2010:SummaryTableEndTemplate}}
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=1|risk=1}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=1|risk=1|year=2013}}
 
blank
 
blank
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=2|risk=1}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=2|risk=1|year=2013}}
 
blank
 
blank
 
#blankBullet1
 
#blankBullet1
 
#blankBullet2
 
#blankBullet2
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=3|risk=1}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=3|risk=1|year=2013}}
 
blank
 
blank
 
{{Top_10_2010:ExampleBeginTemplate}}<span style="color:red;">blank code</span>{{Top_10_2010:ExampleEndTemplate}}
 
{{Top_10_2010:ExampleBeginTemplate}}<span style="color:red;">blank code</span>{{Top_10_2010:ExampleEndTemplate}}
Line 27: Line 34:
 
{{Top_10_2010:ExampleBeginTemplate}}<nowiki>http://example.com/app/accountView?id=</nowiki><span style="color: red;">' or '1'='1</span>{{Top_10_2010:ExampleEndTemplate}}
 
{{Top_10_2010:ExampleBeginTemplate}}<nowiki>http://example.com/app/accountView?id=</nowiki><span style="color: red;">' or '1'='1</span>{{Top_10_2010:ExampleEndTemplate}}
 
blank
 
blank
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=4|risk=1}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=4|risk=1|year=2013}}
 
{{Top_10_2010:SubSubsectionOWASPReferencesTemplate}}
 
{{Top_10_2010:SubSubsectionOWASPReferencesTemplate}}
 
* [[SQL_Injection_Prevention_Cheat_Sheet | OWASP SQL Injection Prevention Cheat Sheet]]
 
* [[SQL_Injection_Prevention_Cheat_Sheet | OWASP SQL Injection Prevention Cheat Sheet]]
Line 34: Line 41:
 
* [http://cwe.mitre.org/data/definitions/77.html CWE Entry 77 on Command Injection]
 
* [http://cwe.mitre.org/data/definitions/77.html CWE Entry 77 on Command Injection]
 
* [http://cwe.mitre.org/data/definitions/89.html CWE Entry 89 on SQL Injection]
 
* [http://cwe.mitre.org/data/definitions/89.html CWE Entry 89 on SQL Injection]
{{Top_10_2013:BottomAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|usenext=2013NextLink|next=A2-Cross-Site Scripting (XSS)|useprev=2013PrevLink|prev=Main}}
+
 
 +
{{Top_10_2013:BottomAdvancedTemplate
 +
    |type={{Top_10_2010:StyleTemplate}}
 +
    |usenext=2013NextLink
 +
    |next={{Top_10_2010:ByTheNumbers
 +
              |2
 +
              |year=2013}}
 +
    |useprev=2013PrevLink
 +
    |prev=Main
 +
}}
  
 
[[Category:OWASP Top Ten Project]]
 
[[Category:OWASP Top Ten Project]]

Revision as of 15:39, 10 February 2013

TEMPORARY PLACEHOLDER for 2013 T10

[[Top 10 {{{year}}}-Main|← Main]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Broken Authentication and Session Management|Broken Authentication and Session Management →]]
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts
Application Specific Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Impact
SEVERE
Application / Business Specific
blank. blank blank blank blank
Am I Vulnerable To 'Injection'?

blank

How Do I Prevent 'Injection'?

blank

  1. blankBullet1
  2. blankBullet2
Example Attack Scenarios

blank

blank code

blank

http://example.com/app/accountView?id=' or '1'='1

blank

References

OWASP

External

[[Top 10 {{{year}}}-Main|← Main]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Broken Authentication and Session Management|Broken Authentication and Session Management →]]

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png
[[Category:OWASP Top Ten {{{year}}} Project]]