Germany/Projekte/Top 10-2013-Einleitung - Revision history

T.Gigler: doppelte '|language=de' gelöscht

2017-04-23T20:12:43Z

doppelte '|language=de' gelöscht

T.Gigler: Logo auskommentiert; wird noch diskutiert

2013-06-21T08:13:33Z

Logo auskommentiert; wird noch diskutiert

T.Gigler: 1 x 'text=' genügt => Fehler beseitigt

2013-06-17T21:27:01Z

1 x 'text=' genügt => Fehler beseitigt

T.Gigler: {{Top_10:LanguageFile|text=acknowledgements -> 'text=attribution' ....

2013-06-17T21:19:12Z

{{Top_10:LanguageFile|text=acknowledgements -> 'text=attribution' ....

T.Gigler: 2nd import

2013-06-15T17:19:55Z

2nd import

T.Gigler: Test:: Deutsche 'Lokalisierung' des Top 10-Wikis, Test der Templates

2013-06-15T17:15:42Z

Test:: Deutsche 'Lokalisierung' des Top 10-Wikis, Test der Templates

New page

{{Top_10_2013:TopTemplate
|usenext=2013NextLink
|next={{Top_10:LanguageFile|text=releaseNotes|language=de|year=2013}}
|useprev=2013PrevLink
|prev={{Top_10:LanguageFile|text=aboutOWASP|language=de|year=2013}}
|year=2013
|language=de
}}

{{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=welcome}}|year=2013|language=de}}
Welcome to the OWASP Top 10 2013! This update broadens one of the categories from the 2010 version to be more inclusive of common, important vulnerabilities, and reorders some of the others based on changing prevalence data. It also brings component security into the spotlight by creating a specific category for this risk, pulling it out of the obscurity of the fine print of the 2010 risk A6: Security Misconfiguration.

The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in application security, including 4 consulting companies and 3 tool/SaaS vendors (1 static, 1 dynamic, and 1 with both). This data spans over 500,000 vulnerabilities across hundreds of organizations and thousands of applications. The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact estimates.

The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.

{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=left|title={{Top_10:LanguageFile|text=warnings}}|year=2013|language=de}}
'''Don’t stop at 10.''' There are hundreds of issues that could affect the overall security of a web application as discussed in the [https://www.owasp.org/index.php/OWASP_Guide_Project OWASP Developer’s Guide] and the [https://www.owasp.org/index.php/Cheat_Sheets OWASP Cheat Sheet Series]. These are essential reading for anyone developing web applications. Guidance on how to effectively find vulnerabilities in web applications is provided in the [https://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide] and the [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide].

'''Constant change.''' This Top 10 will continue to change. Even without changing a single line of your application’s code, you may become vulnerable as new flaws are discovered and attack methods are refined. Please review the advice at the end of the Top 10 in “What’s Next For Developers, Verifiers, and Organizations” for more information.

'''Think positive.''' When you’re ready to stop chasing vulnerabilities and focus on establishing strong application security controls, OWASP has produced the [https://www.owasp.org/index.php/ASVS Application Security Verification Standard (ASVS)] as a guide to organizations and application reviewers on what to verify.

'''Use tools wisely.''' Security vulnerabilities can be quite complex and buried in mountains of code. In many cases, the most cost-effective approach for finding and eliminating these weaknesses is human experts armed with good tools.

'''Push left.''' Focus on making security an integral part of your culture throughout your development organization. Find out more in the [https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model Open Software Assurance Maturity Model (SAMM)] and the [http://ruggedsoftware.org/ Rugged Handbook].

{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=acknowledgements}}|year=2013|language=de}}
Thanks to [https://www.aspectsecurity.com/ Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
<center>
[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]
</center>
We’d like to thank those organizations that contributed their vulnerability prevalence data to support the 2013 update:
* [https://www.aspectsecurity.com/ Aspect Security]
* [http://www.hpenterprisesecurity.com/ HP] – Statistics from both [http://www.hpenterprisesecurity.com/collateral/whitepaper/HP2012CyberRiskReport_0313.pdf Fortify] and WebInspect
* [http://www.mindedsecurity.com/ Minded Security] – [http://blog.mindedsecurity.com/2013/02/real-life-vulnerabilities-statistics.html Statistics]
* [http://www.softtek.com/ Softtek] – [https://www.softtek.com/webdocs/special_pdfs/WP-State-of-the-art-2013.pdf Statistics]
* [https://www.trustwave.com/spiderlabs/ Trustwave, Spiderlabs] – [http://www2.trustwave.com/rs/trustwave/images/2013-Global-Security-Report.pdf Statistics] (See page 50)
* [http://www.veracode.com/ Veracode] – [http://info.veracode.com/rs/veracode/images/VERACODE-SOSS-V4.PDF Statistics]
* [https://www.whitehatsec.com/ WhiteHat Security Inc.] – [http://owasptop10.googlecode.com/files/WPstats_winter11_11th.pdf Statistics]

We would also like to thank everyone who contributed to previous versions of the Top 10, without which, it wouldn't be what it is today.We’d also like to thank those who contributed significant constructive comments and time reviewing this update to the Top 10:

* Adam Baso ([http://wikimediafoundation.org/wiki/Home Wikimedia Foundation])
* Mike Boberski (Booz Allen Hamilton)
* Torsten Gigler
* Neil Smithline – ([http://www.MorphoTrust.com MorphoTrust USA]) For producing the wiki version of the Top 10, and also providing feedback

And finally, we’d like to thank in advance all the translators out there that will translate this release of the Top 10 into numerous different languages, helping to make the OWASP Top 10 more accessible to the entire planet.

{{Top_10_2013:BottomAdvancedTemplate
|type={{Top_10_2010:StyleTemplate}}
|usenext=2013NextLink
|next={{Top_10:LanguageFile|text=releaseNotes|language=de|year=2013|language=de}}
|useprev=2013PrevLink
|prev={{Top_10:LanguageFile|text=aboutOWASP|language=de|year=2013|language=de}}
|year=2013
|language=de
}}

@@ Line 27: / Line 27: @@
-{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=text=attribution|language=de}}|year=2013|language=de}}
+{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=attribution|language=de}}|year=2013|language=de}}
 Thanks to [https://www.aspectsecurity.com/ Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
 <center>

@@ Line 27: / Line 27: @@
-{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=acknowledgements|language=de}}|year=2013|language=de}}
+{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=text=attribution|language=de}}|year=2013|language=de}}
 Thanks to [https://www.aspectsecurity.com/ Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
 <center>

@@ Line 54: / Line 54: @@
      |type={{Top_10_2010:StyleTemplate}}
      |usenext=2013NextLink
-     |next={{Top_10:LanguageFile|text=releaseNotes|language=de|year=2013|language=de}}
+     |next={{Top_10:LanguageFile|text=releaseNotes|year=2013|language=de}}
      |useprev=2013PrevLink
-     |prev={{Top_10:LanguageFile|text=aboutOWASP|language=de|year=2013|language=de}}
+     |prev={{Top_10:LanguageFile|text=aboutOWASP|year=2013|language=de}}
      |year=2013
      |language=de
 }}

@@ Line 29: / Line 29: @@
 {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=attribution|language=de}}|year=2013|language=de}}
 Thanks to [https://www.aspectsecurity.com/ Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
-<center>
+<!--- <center>
 [http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]
-</center>
+</center> <!--- to be discussed --->
 We’d like to thank those organizations that contributed their vulnerability prevalence data to support the 2013 update:
 * [https://www.aspectsecurity.com/ Aspect Security]

@@ Line 8: / Line 8: @@
 }}
-{{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=welcome}}|year=2013|language=de}}
+{{Top_10:SubsectionTableBeginTemplate|type=main}}{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=welcome|language=de}}|year=2013|language=de}}
 Welcome to the OWASP Top 10 2013! This update broadens one of the categories from the 2010 version to be more inclusive of common, important vulnerabilities, and reorders some of the others based on changing prevalence data.  It also brings component security into the spotlight by creating a specific category for this risk, pulling it out of the obscurity of the fine print of the 2010 risk A6: Security Misconfiguration.
@@ Line 15: / Line 15: @@
 The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.
-{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=left|title={{Top_10:LanguageFile|text=warnings}}|year=2013|language=de}}
+{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=left|title={{Top_10:LanguageFile|text=warnings|language=de}}|year=2013|language=de}}
 '''Don’t stop at 10.''' There are hundreds of issues that could affect the overall security of a web application as discussed in the [https://www.owasp.org/index.php/OWASP_Guide_Project  OWASP Developer’s Guide] and the [https://www.owasp.org/index.php/Cheat_Sheets  OWASP Cheat Sheet Series]. These are essential reading for anyone developing web applications. Guidance on how to effectively find vulnerabilities in web applications is provided in the [https://www.owasp.org/index.php/Category:OWASP_Testing_Project  OWASP Testing Guide] and the [https://www.owasp.org/index.php/Category:OWASP_Code_Review_Project  OWASP Code Review Guide].
@@ Line 27: / Line 27: @@
-{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=acknowledgements}}|year=2013|language=de}}
+{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=right|title={{Top_10:LanguageFile|text=acknowledgements|language=de}}|year=2013|language=de}}
 Thanks to [https://www.aspectsecurity.com/ Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
 <center>