This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Top 10 2010-Main"
From OWASP
(→OWASP Top 10 Application Security Risks 2010) |
|||
| Line 5: | Line 5: | ||
{| cellspacing="1" cellpadding="1" border="1" width="95%" | {| cellspacing="1" cellpadding="1" border="1" width="95%" | ||
|- | |- | ||
| − | | [[ | + | | [[Top_10_2010-A1|A1-Injection]] |
|Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. | |Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. | ||
|- | |- | ||
Revision as of 22:20, 15 April 2010
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
| «««« | Top 10 Risks |
»»»» |
OWASP Top 10 Application Security Risks 2010
| A1-Injection | Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. |
| A2-Cross Site Scripting (XSS) |
|
| A3- Broken Authentication and Session Management |
|
| A4-Insecure Direct Object References |
|
| A5-Cross Site Request Forgery (CSRF) |
|
| A6-Security Misconfiguration |
|
| A7-Failure to Restrict URL Access |
|
| A8-Unvalidated Redirects and Forwards |
|
| A9-Insecure Cryptographic Storage |
|
| A10-Insufficient Transport Layer Protection |
|
| «««« | Top 10 Risks |
»»»» |
