This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Top 10 2013-Details About Risk Factors"
Line 28: | Line 28: | ||
<tr><td>[https://www.owasp.org/index.php/A1 A1 Injection]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A1 A1 Injection]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||COMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||SEVERE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A2 A2 Authentication]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A2 A2 Authentication]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||WIDESPREAD|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||SEVERE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A3 A3 XSS]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A3 A3 XSS]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-0-Template| | + | {{Top_10_2010:SummaryTableValue-0-Template||VERY WIDESPREAD|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A4 A4 Insecure DOR]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A4 A4 Insecure DOR]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||COMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A5 A5 Config]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A5 A5 Config]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||COMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A6 A6 Sens. Data]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A6 A6 Sens. Data]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-3-Template| | + | {{Top_10_2010:SummaryTableValue-3-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-3-Template| | + | {{Top_10_2010:SummaryTableValue-3-Template||UNCOMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||SEVERE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A7 A7 Function Acc.]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A7 A7 Function Acc.]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||COMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A8 A8 CSRF]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A8 A8 CSRF]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||COMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A9 A9 Components]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A9 A9 Components]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||WIDESPREAD|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-3-Template| | + | {{Top_10_2010:SummaryTableValue-3-Template||Difficult|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
<tr><td>[https://www.owasp.org/index.php/A10 A10 Redirects]</td><td> </td> | <tr><td>[https://www.owasp.org/index.php/A10 A10 Redirects]</td><td> </td> | ||
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||AVERAGE|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-3-Template| | + | {{Top_10_2010:SummaryTableValue-3-Template||UNCOMMON|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-1-Template| | + | {{Top_10_2010:SummaryTableValue-1-Template||EASY|year=2013}} |
− | {{Top_10_2010:SummaryTableValue-2-Template| | + | {{Top_10_2010:SummaryTableValue-2-Template||MODERATE|year=2013}} |
<td> </td></tr> | <td> </td></tr> | ||
Revision as of 04:48, 9 March 2013
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
[[Top 10 {{{year}}}-Note About Risks|← Note About Risks]] | [[Top_10_{{{year}}}-Top 10|{{{year}}} Top 10 List]] |
Top 10 Risk Factor Summary
The following table presents a summary of the 2013 Top 10 Application Security Risks, and the risk factors we have assigned to each risk. These factors were determined based on the available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organization, you must consider your own specific threat agents and business impacts. Even egregious software weaknesses may not present a serious risk if there are no threat agents in a position to perform the necessary attack or the business impact is negligible for the assets involved. TABLE GOES HERE
TABLE GOES HERE |
Additional Risks to Consider
The Top 10 cover a lot of ground, but there are other risks that you should consider and evaluate in your organization. Some of these have appeared in previous versions of the Top 10, and others have not, including new attack techniques that are being identified all the time. Other important application security risks (in alphabetical order) that you should also consider include:
|