Difference between revisions of "Top 10 2013-A2-Broken Authentication and Session Management"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
{{Top_10_2013:TopTemplate|usenext=2013NextLink|next={{Top_10_2010:ByTheNumbers|3|year=2013}}|useprev=2013PrevLink|prev={{Top_10_2010:ByTheNumbers|1|year=2013}}}}
+
{{Top_10_2013:TopTemplate
 +
    |usenext=2013NextLink
 +
    |next={{Top_10_2010:ByTheNumbers
 +
              |3
 +
              |year=2013}}
 +
    |useprev=2013PrevLink
 +
    |prev={{Top_10_2010:ByTheNumbers
 +
              |1
 +
              |year=2013}}
 +
}}
  
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
Line 34: Line 43:
 
* [http://cwe.mitre.org/data/definitions/77.html CWE Entry 77 on Command Injection]
 
* [http://cwe.mitre.org/data/definitions/77.html CWE Entry 77 on Command Injection]
 
* [http://cwe.mitre.org/data/definitions/89.html CWE Entry 89 on SQL Injection]
 
* [http://cwe.mitre.org/data/definitions/89.html CWE Entry 89 on SQL Injection]
{{Top_10_2013:BottomAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|usenext=2013NextLink|next=A2-Cross-Site Scripting (XSS)|useprev=2013PrevLink|prev=Main}}
+
 
 +
{{Top_10_2013:BottomAdvancedTemplate
 +
    |type={{Top_10_2010:StyleTemplate}}
 +
    |usenext=2013NextLink
 +
    |next={{Top_10_2010:ByTheNumbers
 +
              |3
 +
              |year=2013}}
 +
    |useprev=2013PrevLink
 +
    |prev={{Top_10_2010:ByTheNumbers
 +
              |1
 +
              |year=2013}}}}
  
 
[[Category:OWASP Top Ten Project]]
 
[[Category:OWASP Top Ten Project]]

Revision as of 15:21, 10 February 2013

TEMPORARY PLACEHOLDER for 2013 T10

[[Top 10 {{{year}}}-Injection|← Injection]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Cross-Site Scripting (XSS)|Cross-Site Scripting (XSS) →]]
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts
Application Specific Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Impact
SEVERE
Application / Business Specific
blank. blank blank blank blank
Am I Vulnerable To 'Broken Authentication and Session Management'?

blank

How Do I Prevent 'Broken Authentication and Session Management'?

blank

  1. blankBullet1
  2. blankBullet2
Example Attack Scenarios

blank

blank code

blank

http://example.com/app/accountView?id=' or '1'='1

blank

References

OWASP

External

[[Top 10 {{{year}}}-Injection|← Injection]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Cross-Site Scripting (XSS)|Cross-Site Scripting (XSS) →]]

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png
[[Category:OWASP Top Ten {{{year}}} Project]]