Difference between revisions of "Top 10 2013-Details About Risk Factors"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 +
{{Top_10_2013:TopTemplate
 +
    |usenext=Blank
 +
    |next=
 +
    |useprev=2013PrevLink
 +
    |prev=Note About Risks
 +
}}
 +
 +
 
The following table presents a summary of the 2013 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.
 
The following table presents a summary of the 2013 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.
  
Line 26: Line 34:
 
* Mass Assignment
 
* Mass Assignment
 
* User Privacy
 
* User Privacy
 +
 +
{{Top_10_2013:BottomTemplate
 +
  |usenext=2013NextLink
 +
  |useprev=2013PrevLink
 +
  |prev=Introduction
 +
  |next=Note About Risks
 +
}}

Revision as of 16:10, 26 February 2013

[[Top 10 {{{year}}}-Note About Risks|← Note About Risks]]
2013 Table of Contents

2013 Top 10 List

Template:Blank


The following table presents a summary of the 2013 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.

TABLE GOES HERE

TABLE GOES HERE

TABLE GOES HERE

TABLE GOES HERE

TABLE GOES HERE

TABLE GOES HERE


The Top 10 cover a lot of ground, but there are other risks that you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time. Other important application security risks (in alphabetical order) that you should also consider include:

  • Clickjacking
  • Concurrency Flaws
  • Denial of Service (Was 2004 Top 10 – Entry 2004-A9)
  • Expression Language Injection
  • Information Leakage and Improper Error Handling (Was part of 2007 Top 10 – Entry 2007-A6)
  • Insufficient Anti-automation
  • Insufficient Logging and Accountability (Related to 2007 Top 10 – Entry 2007-A6)
  • Lack of Intrusion Detection and Response
  • Malicious File Execution (Was 2007 Top 10 – Entry 2007-A3)
  • Mass Assignment
  • User Privacy


[[Top 10 {{{year}}}-Introduction|← Introduction]]
2013 Table of Contents

2013 Top 10 List

[[Top 10 {{{year}}}-Note About Risks|Note About Risks →]]

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png
[[Category:OWASP Top Ten {{{year}}} Project]]