This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
User:Neil Smithline
Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the Top 10 2007 and Top 10 2010 documents. He was also the Wiki editor for both of them.
For more information about Neil, visit his homepage which includes contact information, a pointer to his resume, his blog, and other tidbits.
If you just wish to send him an email, you can contact him at [email protected] replacing username with neil.smithline.
Everything below this line is test wiki markup and should be ignored.
I know that the bullets are duplicated. This is only a formatting test, not content.
- Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2-Broken Authentication and Session Management
- XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
- Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2-Broken Authentication and Session Management
- XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.