This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "User:Neil Smithline"
From OWASP
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the [[Top 10 2007]] and [[Top 10 2010]] documents. He was also the Wiki editor for both of them. | Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the [[Top 10 2007]] and [[Top 10 2010]] documents. He was also the Wiki editor for both of them. | ||
| − | For more information about Neil, visit his [http://www.neilsmithline.com/ homepage] which includes contact information, a pointer to his resume, his | + | For more information about Neil, visit his [http://www.neilsmithline.com/ homepage] which includes contact information, a pointer to his resume, his blog, and other tidbits. |
| − | + | If you just wish to send him an email, you can contact him at ''[email protected]'' replacing ''username'' with ''neil.smithline''. | |
* [http://www.neilsmithline.com/resume Homepage] | * [http://www.neilsmithline.com/resume Homepage] | ||
* [https://twitter.com/#!/neil_smithline Twitter] | * [https://twitter.com/#!/neil_smithline Twitter] | ||
* [http://www.linkedin.com/profile/view?2519386 LinkedIn] | * [http://www.linkedin.com/profile/view?2519386 LinkedIn] | ||
| + | <br/><br/> | ||
| + | <hr/> | ||
| + | <hr/> | ||
| + | Everything below this line is test wiki markup and should be ignored. | ||
| + | |||
| + | I know that the bullets are duplicated. This is only a formatting test, not content. | ||
| + | |||
| + | <div style=" | ||
| + | background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | |||
| + | background-image: -webkit-gradient( | ||
| + | linear, | ||
| + | left bottom, | ||
| + | left top, | ||
| + | color-stop(0.34, #86E86A), | ||
| + | color-stop(0.97, #CEF5D2) | ||
| + | ); | ||
| + | padding: 5px 10px 5px 10px; | ||
| + | border:2px solid #A1A1A1; | ||
| + | border-radius:15px; | ||
| + | -moz-border-radius:15px; | ||
| + | font-size: 100%; | ||
| + | font-weight: normal; | ||
| + | text-align: left; | ||
| + | line-height: 1em; | ||
| + | position: relative; | ||
| + | "> | ||
| + | [[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} | | ||
| + | A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} | ||
| + | ]] | ||
| + | :Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. | ||
| + | {{Top 10:GrayBoxEnd|year=2013}} | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | <div style=" | ||
| + | background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | |||
| + | background-image: -webkit-gradient( | ||
| + | linear, | ||
| + | left bottom, | ||
| + | left top, | ||
| + | color-stop(0.34, #86E86A), | ||
| + | color-stop(0.97, #CEF5D2) | ||
| + | ); | ||
| + | padding: 5px 10px 5px 10px; | ||
| + | border:2px solid #A1A1A1; | ||
| + | border-radius:15px; | ||
| + | -moz-border-radius:15px; | ||
| + | font-size: 100%; | ||
| + | font-weight: normal; | ||
| + | text-align: left; | ||
| + | line-height: 1em; | ||
| + | position: relative; | ||
| + | " | ||
| + | |||
| + | > | ||
| + | [[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} | | ||
| + | A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} | ||
| + | ]] | ||
| + | :XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. | ||
| + | {{Top 10:GrayBoxEnd|year=2013}} | ||
| + | |||
| + | <br/> | ||
| + | <div style=" | ||
| + | background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | |||
| + | background-image: -webkit-gradient( | ||
| + | linear, | ||
| + | left bottom, | ||
| + | left top, | ||
| + | color-stop(0.34, #86E86A), | ||
| + | color-stop(0.97, #CEF5D2) | ||
| + | ); | ||
| + | padding: 5px 10px 5px 10px; | ||
| + | border:2px solid #A1A1A1; | ||
| + | border-radius:15px; | ||
| + | -moz-border-radius:15px; | ||
| + | font-size: 100%; | ||
| + | font-weight: normal; | ||
| + | text-align: left; | ||
| + | line-height: 1em; | ||
| + | position: relative; | ||
| + | "> | ||
| + | [[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} | | ||
| + | A1-{{Top_10_2010:ByTheNumbers|1|year=2013|language=en}} | ||
| + | ]] | ||
| + | :Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. | ||
| + | {{Top 10:GrayBoxEnd|year=2013}} | ||
| + | |||
| + | <br/> | ||
| + | |||
| + | <div style=" | ||
| + | background-image: linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -o-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -moz-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -webkit-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | background-image: -ms-linear-gradient(bottom, #86E86A 34%, #CEF5D2 97%); | ||
| + | |||
| + | background-image: -webkit-gradient( | ||
| + | linear, | ||
| + | left bottom, | ||
| + | left top, | ||
| + | color-stop(0.34, #86E86A), | ||
| + | color-stop(0.97, #CEF5D2) | ||
| + | ); | ||
| + | padding: 5px 10px 5px 10px; | ||
| + | border:2px solid #A1A1A1; | ||
| + | border-radius:15px; | ||
| + | -moz-border-radius:15px; | ||
| + | font-size: 100%; | ||
| + | font-weight: normal; | ||
| + | text-align: left; | ||
| + | line-height: 1em; | ||
| + | position: relative; | ||
| + | " | ||
| + | |||
| + | > | ||
| + | [[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=en}}-A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} | | ||
| + | A2-{{Top_10_2010:ByTheNumbers|2|year=2013|language=en}} | ||
| + | ]] | ||
| + | :XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites. | ||
| + | {{Top 10:GrayBoxEnd|year=2013}} | ||
Latest revision as of 23:01, 27 August 2014
Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the Top 10 2007 and Top 10 2010 documents. He was also the Wiki editor for both of them.
For more information about Neil, visit his homepage which includes contact information, a pointer to his resume, his blog, and other tidbits.
If you just wish to send him an email, you can contact him at [email protected] replacing username with neil.smithline.
Everything below this line is test wiki markup and should be ignored.
I know that the bullets are duplicated. This is only a formatting test, not content.
- Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2-Broken Authentication and Session Management
- XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
- Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
A2-Broken Authentication and Session Management
- XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
