Difference between revisions of "Top 10 2013-A2-Broken Authentication and Session Management"

From OWASP
Jump to: navigation, search
(Created page with "= TEMPORARY PLACEHOLDER for 2013 T10 = {{Top_10_2013:TopTemplate|usenext=2013NextLink|next={{Top_10_2010:ByTheNumbers|1|year=2013}}(XSS)|useprev=2013PrevLink|prev=A1-Injectio...")
 
Line 1: Line 1:
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
 
= TEMPORARY PLACEHOLDER for 2013 T10 =  
{{Top_10_2013:TopTemplate|usenext=2013NextLink|next={{Top_10_2010:ByTheNumbers|1|year=2013}}(XSS)|useprev=2013PrevLink|prev=A1-Injection}}
+
{{Top_10_2013:TopTemplate|usenext=2013NextLink|next={{Top_10_2010:ByTheNumbers|3|year=2013}}|useprev=2013PrevLink|prev={{Top_10_2010:ByTheNumbers|1|year=2013}}}}
  
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
 
{{Top_10_2010:SummaryTableHeaderBeginTemplate}}
Line 15: Line 15:
 
{{Top_10_2010:SummaryTableEndTemplate}}
 
{{Top_10_2010:SummaryTableEndTemplate}}
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=1|risk=2}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=1|risk=2|year=2013}}
 
blank
 
blank
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=2|risk=2}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=2|risk=2|year=2013}}
 
blank
 
blank
 
#blankBullet1
 
#blankBullet1
 
#blankBullet2
 
#blankBullet2
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=3|risk=2}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=3|risk=2|year=2013}}
 
blank
 
blank
 
{{Top_10_2010:ExampleBeginTemplate}}<span style="color:red;">blank code</span>{{Top_10_2010:ExampleEndTemplate}}
 
{{Top_10_2010:ExampleBeginTemplate}}<span style="color:red;">blank code</span>{{Top_10_2010:ExampleEndTemplate}}
Line 27: Line 27:
 
{{Top_10_2010:ExampleBeginTemplate}}<nowiki>http://example.com/app/accountView?id=</nowiki><span style="color: red;">' or '1'='1</span>{{Top_10_2010:ExampleEndTemplate}}
 
{{Top_10_2010:ExampleBeginTemplate}}<nowiki>http://example.com/app/accountView?id=</nowiki><span style="color: red;">' or '1'='1</span>{{Top_10_2010:ExampleEndTemplate}}
 
blank
 
blank
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=4|risk=2}}
+
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|number=4|risk=2|year=2013}}
 
{{Top_10_2010:SubSubsectionOWASPReferencesTemplate}}
 
{{Top_10_2010:SubSubsectionOWASPReferencesTemplate}}
 
* [[SQL_Injection_Prevention_Cheat_Sheet | OWASP SQL Injection Prevention Cheat Sheet]]
 
* [[SQL_Injection_Prevention_Cheat_Sheet | OWASP SQL Injection Prevention Cheat Sheet]]
Line 37: Line 37:
  
 
[[Category:OWASP Top Ten Project]]
 
[[Category:OWASP Top Ten Project]]
 
aaa
 
{{Top_10_2010:ByTheNumbers|3|year=2013}}
 
bbb
 

Revision as of 15:09, 10 February 2013

TEMPORARY PLACEHOLDER for 2013 T10

[[Top 10 {{{year}}}-Injection|← Injection]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Cross-Site Scripting (XSS)|Cross-Site Scripting (XSS) →]]
Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts
Application Specific Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Impact
SEVERE
Application / Business Specific
blank. blank blank blank blank
Am I Vulnerable To 'Broken Authentication and Session Management'?

blank

How Do I Prevent 'Broken Authentication and Session Management'?

blank

  1. blankBullet1
  2. blankBullet2
Example Attack Scenarios

blank

blank code

blank

http://example.com/app/accountView?id=' or '1'='1

blank

References

OWASP

External

[[Top 10 {{{year}}}-Main|← Main]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-A2-Cross-Site Scripting (XSS)|A2-Cross-Site Scripting (XSS) →]]

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png
[[Category:OWASP Top Ten {{{year}}} Project]]