This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
User talk:T.Gigler
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 21:42, 30 January 2013 (UTC)
{{LinkBar |useprev=2013PrevHeaderTabDeveloperEdition |prev=A6-Verlust der Vertraulichkeit sensibler Daten |lblprev=JAVA2 |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}
Tests with the 'Time' function:
27.08.2014: Year = 2014
2014-08-28: 2014-Aug-28
Last revision (mm/dd/yy): 09/30/2017
Top 10: Top Table Test
Threat Agents / Attack Vectors | | Security Weakness | | Impacts | |
---|---|---|---|---|---|
App Specific | Exploitability DIFFICULT | Prevalence UNCOMMON | Detectability AVERAGE | Impact SEVERE | Business ? |
Even anonymous attackers typically don’t break crypto directly. They break something else: they steal keys, perform man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. | | The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management and weak algorithm usage are common, particularly weak password hashing techniques. For data in transit, server-side weaknesses are mostly easy to detect, but weaknesses are hard to detect for data at rest. Exploitability varies widely in both cases. | | Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. | |