
Difference between revisions of "User:Neil Smithline"

From OWASP
 
Latest revision as of 23:01, 27 August 2014

Neil Smithline has been writing client-server applications for nearly 20 years. Most recently he has specialized in application server security. Neil contributed to both the Top 10 2007 and Top 10 2010 documents. He was also the Wiki editor for both of them.

For more information about Neil, visit his homepage which includes contact information, a pointer to his resume, his blog, and other tidbits.

If you just wish to send him an email, you can contact him at [email protected] replacing username with neil.smithline.

Everything below this line is test wiki markup and should be ignored.

I know that the bullets are duplicated. This is only a formatting test, not content.

A1-Injection

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.


A2-Broken Authentication and Session Management

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.


A1-Injection

Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.


A2-Broken Authentication and Session Management

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.