Difference between revisions of "Top 10 2013-Details About Risk Factors"

From OWASP
Jump to: navigation, search
Line 27: Line 27:
 
</tr>
 
</tr>
  
<tr><td>[https://www.owasp.org/index.php/A1 A1-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A1 A1 Injection]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 34: Line 34:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A2 A2-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A2 A2 ]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 41: Line 41:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A3 A3-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A3 A3 XSS]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 48: Line 48:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A4 A4-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A4 A4 Insecure DOR]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 55: Line 55:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A5 A5-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A5 A5 Config]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 62: Line 62:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A6 A6]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A6 A6 Sens. Data]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 69: Line 69:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A7 A7-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A7 A7 Function Acc.]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 76: Line 76:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A8 A8-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A8 A8 CSRF]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 83: Line 83:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A9 A9-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A9 A9 Components]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
Line 90: Line 90:
 
<td>&nbsp;</td></tr>
 
<td>&nbsp;</td></tr>
  
<tr><td>[https://www.owasp.org/index.php/A10 A10-Injection]</td><td>&nbsp;</td>
+
<tr><td>[https://www.owasp.org/index.php/A10 A10 Redirects]</td><td>&nbsp;</td>
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-1-Template|Exploitability|EASY|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}
 
{{Top_10_2010:SummaryTableValue-2-Template|Prevalence|COMMON|year=2013}}

Revision as of 23:33, 8 March 2013

[[Top 10 {{{year}}}-Note About Risks|← Note About Risks]]
2013 Table of Contents

2013 Top 10 List

 
Top 10 Risk Factor Summary

The following table presents a summary of the 2013 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved.

TABLE GOES HERE


RISK Threat Agents Attack Vectors Security Weakness Technical Impacts Business Impacts
A1 Injection  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A2   Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A3 XSS  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A4 Insecure DOR  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A5 Config  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A6 Sens. Data  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A7 Function Acc.  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A8 CSRF  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A9 Components  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 
A10 Redirects  Exploitability
EASY
Prevalence
COMMON
Detectability
AVERAGE
Prevalence
SEVERE
 

TABLE GOES HERE

Additional Risks to Consider

The Top 10 cover a lot of ground, but there are other risks that you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time. Other important application security risks (in alphabetical order) that you should also consider include:


[[Top 10 {{{year}}}-Note About Risks|← Note About Risks]]
2013 Table of Contents

2013 Top 10 List

 

© 2002-2013 OWASP Foundation This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved. CC-by-sa-3 0-88x31.png
[[Category:OWASP Top Ten {{{year}}} Project]]