Mmeucci at 21:47, 30 April 2007

2007-04-30T21:47:02Z

Neil Smithline: Major improvements to wikification script. Also updated to newest version of RC1

2007-03-12T03:03:38Z

Major improvements to wikification script. Also updated to newest version of RC1

Show changes

Neil Smithline: Update with newest automated output

2007-02-12T01:58:21Z

Update with newest automated output

Show changes

Neil Smithline at 19:10, 6 February 2007

2007-02-06T19:10:27Z

Neil Smithline: Initial draft

2007-02-04T01:34:28Z

Initial draft

Show changes

@@ Line 355: / Line 355: @@
 *[http://www.owasp.org/index.php/Testing_for_Denial_of_Service http://www.owasp.org/index.php/Testing_for_Denial_of_Service]
-Insecure configuration management affects all systems to some extent, particularly PHP. However, the ranking by MITRE does not allow us to include this issue this year. When deploying your application, you should consult the latest OWASP Guide and the OWASP Testing Guide for detailed information regarding secure configuration management and testing:
+Insecure configuration management affects allsystems to some extent, particularly PHP. However, the ranking by MITRE does not allow us to include this issue this year. When deploying your application, you should consult the latest OWASP Guide and the OWASP Testing Guide for detailed information regarding secure configuration management and testing:
@@ Line 865: / Line 865: @@
 If an online bank allowed its application to process requests, such as transfer funds, a similar attack might allow:
-<img src="http://www.example.com/transfer.do?frmAcct=document.form.frmAcct
+<img src="http://www.example.com/transfer.do?frmAcct=document.form.frmAcct&toAcct=4345754&toSWIFTid=434343&amt=3434.43">
 Both of these attacks work because the user’s authorization credential (typically the session cookie) would automatically be included with such requests by the browser, even though the attacker didn’t supply that credential.

@@ Line 26: / Line 26: @@
 </div>
-{|'''A1 – Cross Site Scripting (XSS)'''|XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, etc.
+{| border="1" cellpadding="2"
-'''A2 – Injection Flaws'''|Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker’s hostile data tricks the interpreter into executing unintended commands or changing data.
+!style="background:#FFFF99"|Vulnerability
-'''A3 – Insecure Remote File Include'''|Code vulnerable to remote file inclusion allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise.
+!style="background:#FFFF99"|Description
-'''A4 – Insecure Direct Object Reference'''|A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.
+|-
-'''A5 – Cross Site Request Forgery (CSRF)'''|A CSRF attack forces a logged-on victim’s browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim’s browser to perform a hostile action to the benefit of the attacker.
+|'''A1 – Cross Site Scripting (XSS)'''
-'''A6 – Information Leakage and Improper Error Handling'''|Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to violate privacy, or conduct further attacks.
+|XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim’s browser which can hijack user sessions, deface web sites, etc.
-'''A7 – Broken Authentication and Session Management'''|Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users’ identities.
+|-
-'''A8 – Insecure Cryptographic Storage'''|Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
+|'''A2 – Injection Flaws'''
-'''A9 – Insecure Communications'''|Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
+|Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker’s hostile data tricks the interpreter into executing unintended commands or changing data.
-'''A10 – Failure to Restrict URL Access'''|Frequently, the only protection for sensitive areas of an application is links or URLs are not presented to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations.|}
+|-
 '''Table 1: Top 10 Web application vulnerabilities for 2006'''
 <div style='background-color:#4F81BD'>
@@ Line 266: / Line 292: @@
   *Add firewall rules to prevent web servers making new connections to external web sites and internal systems. For high value systems, isolate the web server in its own VLAN or private subnet.
   *Ensure that file and streams functions (stream_*) are carefully vetted. Ensure that the user input is not supplied any function which takes a filename argument, including:
-include() include_once() require() require_once()fopen() imagecreatefromXXX() file() file_get_contents() copy() delete() unlink() upload_tmp_dir() $_FILES move_uploaded_file()
+include() include_once() require() require_once() fopen() imagecreatefromXXX() file() file_get_contents() copy() delete() unlink() upload_tmp_dir() $_FILES move_uploaded_file()
   *Be extremely cautious if data is passed to system() eval() passthru() or ` (the backtick operator).
   *Check that any files taken from the user for legitimate purposes cannot be otherwise obviated, such as including user supplied data in the session object, avatars and images, PDF reports, temporary files, and so on.

Top 10 2007-WIKI-FORMAT-TEST - Revision history

Mmeucci at 21:47, 30 April 2007

Neil Smithline: Major improvements to wikification script. Also updated to newest version of RC1

Neil Smithline: Update with newest automated output

Neil Smithline at 19:10, 6 February 2007

Neil Smithline: Initial draft