Difference between revisions of "User talk:T.Gigler"

Latest revision as of 20:18, 30 September 2017

Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 21:42, 30 January 2013 (UTC)

Everything below this line is test wiki markup and should be ignored.

{{LinkBar |useprev=2013PrevHeaderTabDeveloperEdition |prev=A6-Verlust der Vertraulichkeit sensibler Daten |lblprev=JAVA2 |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}

« JAVA2

JAVA2 »

Design-Test

This Page has is up to date, but it may need a nicer design! Please help OWASP to FixME.

Tests with the 'Time' functon:
27.08.2014: Year = 2014
2014-08-28: 2014-Aug-28

FIRST DRAFT for Cheat Sheets:

Cheat Sheet

Last revision (mm/dd/yy): 09/30/2017

1 Introduction
2 Rules
3 Related Articles
4 Authors and Primary Editors
- 4.1 Top 10: Top Table Test

Introduction

1st box

Rules

2nd box

Example: Description

#example commands

Example Output

Related Articles

3rd box

Authors and Primary Editors

4th box

Other Cheatsheets

V - T - E Cheat Sheets
Developer / Builder	3rd Party Javascript Management Access Control AJAX Security Cheat Sheet Authentication (ES) Bean Validation Cheat Sheet Choosing and Using Security Questions Clickjacking Defense Credential Stuffing Prevention Cheat Sheet Cross-Site Request Forgery (CSRF) Prevention Cryptographic Storage C-Based Toolchain Hardening CSS Security Deserialization DOM based XSS Prevention Forgot Password HTML5 Security HTTP Strict Transport Security Injection Prevention Cheat Sheet Injection Prevention Cheat Sheet in Java JSON Web Token (JWT) Cheat Sheet for Java Input Validation Insecure Direct Object Reference Prevention JAAS Key Management LDAP Injection Prevention Logging Mass Assignment Cheat Sheet .NET Security OS Command Injection Defense Cheat Sheet OWASP Top Ten Password Storage Pinning Query Parameterization REST Security Ruby on Rails Session Management SAML Security SQL Injection Prevention Transaction Authorization Transport Layer Protection TLS Cipher String Configuration Unvalidated Redirects and Forwards User Privacy Protection Web Service Security XSS (Cross Site Scripting) Prevention XML External Entity (XXE) Prevention Cheat Sheet
Assessment / Breaker	Attack Surface Analysis REST Assessment Web Application Security Testing XML Security Cheat Sheet XSS Filter Evasion
Mobile	Android Testing IOS Developer Mobile Jailbreaking
OpSec / Defender	Virtual Patching Vulnerability Disclosure
Draft and Beta	Application Security Architecture Business Logic Security Content Security Policy Denial of Service Cheat Sheet Grails Secure Code Review IOS Application Security Testing PHP Security Regular Expression Security Cheatsheet Secure Coding Secure SDLC Threat Modeling
All Pages In This Category

Top 10: Top Table Test

Threat Agents / Attack Vectors		Security Weakness		Impacts
App Specific	Exploitability DIFFICULT	Prevalence UNCOMMON	Detectability AVERAGE	Impact SEVERE	Business ?
Even anonymous attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser.		The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. For data in transit server side weaknesses are mainly easy to detect, but hard for data in rest. Both with very varying exploitability.		Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. The business impact depends on the protection needs of your application and data.

@@ Line 3: / Line 3: @@
 You will probably want to read the [[Help:Contents|help pages]].
 Again, welcome and have fun! [[User:KateHartmann|KateHartmann]] 21:42, 30 January 2013 (UTC)
+----
+----
+<br>{{Top_10_2010:SubsectionColoredTemplate|'''Everything below this line is test wiki markup and should be ignored.'''||year=2010}}<br>
+----
 {{Top 10 DeveloperEdition:NavigationByHeadertab_Test
      |headertab=JAVA
@@ Line 21: / Line 24: @@
      |language=de
 }}
+{{LinkBar |useprev=2013PrevHeaderTabDeveloperEdition |prev=A6-Verlust der Vertraulichkeit sensibler Daten |lblprev=JAVA2 |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}
+{{LinkBar |useprev=Nothing |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}
+<div style="background-color: #FFFF66; color: #204A7F; font-size: 170%; line-height: 105%; padding: 6px; padding-top: 4px; font-weight: bold; border:2px solid #204A7F; border-right: none; border-left: none; margin: 0;">
+Design-Test<div style="background-color: #B2FF66;">This Page has is up to date, but it may need a nicer design! <small>Please help OWASP to</small> [[:Category:FIXME|FixME]].</div>
+</div>
+Tests with the 'Time' functon:<br/>
+.08.2014: Year = {{#time: Y|27.08.2014}}<br/>
+-08-28: {{#time: Y-M-d|2014-08-28}}
+----
+----
+<span id="cheat_sheet_test"></span> <!-- anchor for cheat sheets: -> https://www.owasp.org/index.php/User_talk:T.Gigler#cheat_sheet_test -->
+<div style="width:100%;font-size:160%;border:0,margin:0;overflow: hidden;">'''FIRST DRAFT for Cheat Sheets:''' </div>
+<br>
+ __NOTOC__
+<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:Cheatsheets-header.jpg|link=]]</div>
+{{ColoredBackground|text=Cheat Sheet|color=white|font-size=180%|background-color=#6261e1|border=3px solid|border-color=#204A7F|border-top=none}}<!---- Title ---->
+Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
+ __TOC__{{TOC hidden}}
+{{Top_10:SubsectionTableBeginTemplate|type=headertab}}
+<h1>{{Top_10_2010:SubsectionAdvancedTemplate
+        |type={{Top_10_2010:StyleTemplate}}
+        |subsection=freetext
+        |title={{ColoredBackground|text=Introduction|color=white|font-size=100%|background-color=#6261e1|border=none}}
+        |position=firstLeft
+        |year=2010
+        |language=en
+}}</h1>
+st box
+<h1>{{Top_10_2010:SubsectionAdvancedTemplate
+        |type={{Top_10_2010:StyleTemplate}}
+        |subsection=freetext
+        |title={{ColoredBackground|text=Rules|color=white|font-size=100%|background-color=#6261e1|border=none}}
+        |position=firstLeft
+        |year=2010
+        |language=en
+}}</h1>
+nd box
+{{Top_10_2010:ExampleBeginTemplate|year=2010}}
+Example: Description<br>
+<nowiki>#</nowiki>example commands<br>
+<small>
+ Example Output
+</small>
+{{Top_10_2010:ExampleEndTemplate}}<br>
+<h1>{{Top_10_2010:SubsectionAdvancedTemplate
+        |type={{Top_10_2010:StyleTemplate}}
+        |subsection=freetext
+        |title={{ColoredBackground|text=Related Articles|color=white|font-size=100%|background-color=#6261e1|border=none}}
+        |position=firstLeft
+        |year=2010
+        |language=en
+}}</h1>
+rd box
+<h1>{{Top_10_2010:SubsectionAdvancedTemplate
+        |type={{Top_10_2010:StyleTemplate}}
+        |subsection=freetext
+        |title={{ColoredBackground|text=Authors and Primary Editors|color=white|font-size=100%|background-color=#6261e1|border=none}}
+        |position=firstLeft
+        |year=2010
+        |language=en
+}}</h1>
+th box
+{{Top_10_2010:SubsectionAdvancedTemplate
+        |type={{Top_10_2010:StyleTemplate}}
+        |subsection=freetext
+        |title={{ColoredBackground|text=Other Cheatsheets|color=white|font-size=100%|background-color=#6261e1|border=none}}
+        |position=firstLeft
+        |year=2010
+        |language=en
+}}{{Cheatsheet_Navigation_Body}}
+{{Top_10:SubsectionTableEndTemplate}}
+----
+----
+<span id="top10_top_table_test"></span> <!-- anchor for cheat sheets: -> https://www.owasp.org/index.php/User_talk:T.Gigler#top10_top_table_test -->
+== Top 10: Top Table Test ==
+{{Top_10_2010:SummaryTableHeaderBeginTemplate|year=2017|language=en}}
+  {{Top_10:SummaryTableTemplate|exploitability=3|prevalence=3|detectability=2|impact=1|year=2017|language=en}}
+{{Top_10_2010:SummaryTableHeaderEndTemplate|year=2017}}
+     <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}>
+<!--- Threat Agents: --->Even anonymous attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser.
+</td>
+     <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}>
+<!--- Security Weakness --->The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. For data in transit server side weaknesses are mainly easy to detect, but hard for data in rest. Both with very varying exploitability.
+</td>
+     <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}>
+<!--- Technical and Business Impacts --->Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc.<br> The business impact depends on the protection needs of your application and data.
+</td>
+{{Top_10_2010:SummaryTableEndTemplate|year=2017}}

Difference between revisions of "User talk:T.Gigler"

Latest revision as of 20:18, 30 September 2017

Top 10: Top Table Test

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools