This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Top 10 2010:ByTheNumbers"
From OWASP
m (Editorial changes (added some spaces)) |
|||
| (9 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | {{#switch: {{{year}}} | + | <!--------------------------------------------------------> |
| − | | | + | <!-- Template:Top 10 2010:ByTheNumbers --> |
| + | <!--------------------------------------------------------> | ||
| + | ==='''Usage:''' === | ||
| + | <nowiki>{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}</nowiki><br/><nowiki> <!-- the 'type=short' is opional (used for '+RF') ---></nowiki> | ||
| + | <br/> | ||
| + | === '''Example:''' === | ||
| + | <nowiki>{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}} | ||
| + | {{Top_10_2010:ByTheNumbers|2|year=2013}} <!-- Default-Language = English ---> | ||
| + | {{Top_10_2010:ByTheNumbers|2|language=de}} <!-- Default-Year = 2010 ---> | ||
| + | {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}} <!-- Type = short ---></nowiki> | ||
| + | |||
| + | <br/> | ||
| + | {| class="wikitable" cellspacing="1" cellpadding="1" border="1" width="100%;" | ||
| + | |- | ||
| + | ! style="min-width: 4%" |Number | ||
| + | ! style="min-width: 24%" |English 2010 | ||
| + | ! style="min-width: 24%" |German 2010 | ||
| + | ! style="min-width: 24%" |English 2013 | ||
| + | ! style="min-width: 24%" |German 2013 | ||
| + | ! style="min-width: 24%" |English 2017 | ||
| + | |- | ||
| + | | 1 | ||
| + | | {{Top_10_2010:ByTheNumbers|1}} | ||
| + | | {{Top_10_2010:ByTheNumbers|1|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|1|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|1|year=2017}} | ||
| + | |||
| + | |- | ||
| + | | 2 | ||
| + | | {{Top_10_2010:ByTheNumbers|2}} | ||
| + | | {{Top_10_2010:ByTheNumbers|2|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|2|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|2|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|2|year=2017}} | ||
| + | |- | ||
| + | | 3 | ||
| + | | {{Top_10_2010:ByTheNumbers|3}} | ||
| + | | {{Top_10_2010:ByTheNumbers|3|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|3|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|3|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|3|year=2017}} | ||
| + | |- | ||
| + | | 4 | ||
| + | | {{Top_10_2010:ByTheNumbers|4}} | ||
| + | | {{Top_10_2010:ByTheNumbers|4|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|4|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|4|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|4|year=2017}} | ||
| + | |- | ||
| + | | 5 | ||
| + | | {{Top_10_2010:ByTheNumbers|5}} | ||
| + | | {{Top_10_2010:ByTheNumbers|5|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|5|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|5|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|5|year=2017}} | ||
| + | |- | ||
| + | | 6 | ||
| + | | {{Top_10_2010:ByTheNumbers|6}} | ||
| + | | {{Top_10_2010:ByTheNumbers|6|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|6|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|6|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|6|year=2017}} | ||
| + | |- | ||
| + | | 7 | ||
| + | | {{Top_10_2010:ByTheNumbers|7}} | ||
| + | | {{Top_10_2010:ByTheNumbers|7|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|7|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|7|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|7|year=2017}} | ||
| + | |- | ||
| + | | 8 | ||
| + | | {{Top_10_2010:ByTheNumbers|8}} | ||
| + | | {{Top_10_2010:ByTheNumbers|8|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|8|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|8|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|8|year=2017}} | ||
| + | |- | ||
| + | | 9 | ||
| + | | {{Top_10_2010:ByTheNumbers|9}} | ||
| + | | {{Top_10_2010:ByTheNumbers|9|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|9|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|9|year=2017}} (short: {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}) | ||
| + | |- | ||
| + | | 10 | ||
| + | | {{Top_10_2010:ByTheNumbers|10}} | ||
| + | | {{Top_10_2010:ByTheNumbers|10|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|10|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|10|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|10|year=2017}} | ||
| + | |- | ||
| + | | 11 | ||
| + | | {{Top_10_2010:ByTheNumbers|11}} | ||
| + | | {{Top_10_2010:ByTheNumbers|11|language=de}} | ||
| + | | {{Top_10_2010:ByTheNumbers|11|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|11|language=de|year=2013}} | ||
| + | | {{Top_10_2010:ByTheNumbers|11|year=2017}} | ||
| + | |} | ||
| + | |||
| + | <onlyinclude>{{#switch: {{{year}}} | ||
| + | | 2017 = | ||
{{#switch: {{{1}}} | {{#switch: {{{1}}} | ||
| − | | 1= | + | | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }} |
| − | | 2= | + | | 2={{Top_10:LanguageFile|text=brokenAuth|language={{{language}}} }} |
| − | | 3= | + | | 3={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }} |
| − | | 4= | + | | 4={{Top_10:LanguageFile|text=xxe|language={{{language}}} }} |
| − | | 5= | + | | 5={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }} |
| − | | 6= | + | | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }} |
| − | | 7= | + | | 7={{Top_10:LanguageFile|text=xss|language={{{language}}} }} |
| − | | 8= | + | | 8={{Top_10:LanguageFile|text=insecureDeserialization|language={{{language}}} }} |
| − | | 9= | + | | 9={{#switch: {{{type}}} |
| − | | 10= | + | | short ={{Top_10:LanguageFile|text=vulnComponents|language={{{language}}} }} |
| − | | 11= | + | | #default={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }} |
| − | }} | + | }} |
| − | }} | + | | 10={{Top_10:LanguageFile|text=insufficientLoggingMonitoring|language={{{language}}} }} |
| + | | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }} | ||
| + | }} | ||
| + | | 2013 = | ||
| + | {{#switch: {{{1}}} | ||
| + | | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }} | ||
| + | | 2={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }} | ||
| + | | 3={{Top_10:LanguageFile|text=xss|language={{{language}}} }} | ||
| + | | 4={{Top_10:LanguageFile|text=insecureDirectObjectReference|language={{{language}}} }} | ||
| + | | 5={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }} | ||
| + | | 6={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }} | ||
| + | | 7={{Top_10:LanguageFile|text=missingFunctionLevelACL|language={{{language}}} }} | ||
| + | | 8={{Top_10:LanguageFile|text=csrf|language={{{language}}} }} | ||
| + | | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }} | ||
| + | | 10={{Top_10:LanguageFile|text=unvalidatedRedirectsForwards|language={{{language}}} }} | ||
| + | | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }} | ||
| + | }} | ||
| + | | #default = | ||
| + | {{#switch: {{{1}}} | ||
| + | | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }} | ||
| + | | 2={{Top_10:LanguageFile|text=xss|language={{{language}}} }} | ||
| + | | 3={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }} | ||
| + | | 4={{Top_10:LanguageFile|text=insecureDirectObjectReference|language={{{language}}} }} | ||
| + | | 5={{Top_10:LanguageFile|text=csrf|language={{{language}}} }} | ||
| + | | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }} | ||
| + | | 7={{Top_10:LanguageFile|text=insecureCryptographicStorage|language={{{language}}} }} | ||
| + | | 8={{Top_10:LanguageFile|text=failureRestrictUrlAccess|language={{{language}}} }} | ||
| + | | 9={{Top_10:LanguageFile|text=insufficientTLProtection|language={{{language}}} }} | ||
| + | | 10={{Top_10:LanguageFile|text=unvalidatedRedirectsForwards|language={{{language}}} }} | ||
| + | | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }} | ||
| + | }} | ||
| + | }}</onlyinclude> | ||
Latest revision as of 14:38, 7 January 2018
Usage:
{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}
<!-- the 'type=short' is opional (used for '+RF') --->
Example:
{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
{{Top_10_2010:ByTheNumbers|2|year=2013}} <!-- Default-Language = English --->
{{Top_10_2010:ByTheNumbers|2|language=de}} <!-- Default-Year = 2010 --->
{{Top_10_2010:ByTheNumbers|9|year=2017|type=short}} <!-- Type = short --->
| Number | English 2010 | German 2010 | English 2013 | German 2013 | English 2017 |
|---|---|---|---|---|---|
| 1 | Injection | Injection | Injection | Injection | Injection |
| 2 | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Broken Authentication |
| 3 | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Sensitive Data Exposure |
| 4 | Insecure Direct Object References | Unsichere direkte Objektreferenzen | Insecure Direct Object References | Unsichere direkte Objektreferenzen | XML External Entities (XXE) |
| 5 | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Broken Access Control |
| 6 | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Sensitive Data Exposure | Verlust der Vertraulichkeit sensibler Daten | Security Misconfiguration |
| 7 | Insecure Cryptographic Storage | Kryptografisch unsichere Speicherung | Missing Function Level Access Control | Fehlerhafte Autorisierung auf Anwendungsebene | Cross-Site Scripting (XSS) |
| 8 | Failure to Restrict URL Access | Mangelhafter URL-Zugriffsschutz | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Insecure Deserialization |
| 9 | Insufficient Transport Layer Protection | Unzureichende Absicherung der Transportschicht | Using Components with Known Vulnerabilities | Nutzung von Komponenten mit bekannten Schwachstellen | Using Components with Known Vulnerabilities (short: Vulnerable Components) |
| 10 | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Insufficient Logging&Monitoring |
| 11 | In Progress | In Arbeit | In Progress | In Arbeit | In Progress |
