This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Top 10 2010:ByTheNumbers"

From OWASP
Jump to: navigation, search
m (Editorial changes (added some spaces))
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
<!-------------------------------------------------------->
 
<!-------------------------------------------------------->
 
==='''Usage:''' ===
 
==='''Usage:''' ===
   <nowiki>{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}} }}</nowiki>
+
   <nowiki>{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}</nowiki><br/><nowiki>                                                      <!-- the 'type=short' is opional (used for '+RF') ---></nowiki>
 
<br/>
 
<br/>
 
=== '''Example:''' ===
 
=== '''Example:''' ===
 
   <nowiki>{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 
   <nowiki>{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
  {{Top_10_2010:ByTheNumbers|2|year=2013}}   <!-- Default-Language = English --->
+
  {{Top_10_2010:ByTheNumbers|2|year=2013}}             <!-- Default-Language = English --->
  {{Top_10_2010:ByTheNumbers|2|language=de}} <!-- Default-Year = 2010 ---></nowiki>
+
  {{Top_10_2010:ByTheNumbers|2|language=de}}           <!-- Default-Year = 2010 --->
 +
{{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}  <!-- Type = short ---></nowiki>
 +
 
 
<br/>
 
<br/>
 
{| class="wikitable" cellspacing="1" cellpadding="1" border="1" width="100%;"
 
{| class="wikitable" cellspacing="1" cellpadding="1" border="1" width="100%;"
Line 81: Line 83:
 
| {{Top_10_2010:ByTheNumbers|9|year=2013}}
 
| {{Top_10_2010:ByTheNumbers|9|year=2013}}
 
| {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}
 
| {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}
| {{Top_10_2010:ByTheNumbers|9|year=2017}}
+
| {{Top_10_2010:ByTheNumbers|9|year=2017}} (short: {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}})
 
|-
 
|-
 
| 10
 
| 10
Line 102: Line 104:
 
         {{#switch: {{{1}}}
 
         {{#switch: {{{1}}}
 
             | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
 
             | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
             | 2={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }}
+
             | 2={{Top_10:LanguageFile|text=brokenAuth|language={{{language}}} }}
             | 3={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
+
             | 3={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
             | 4={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }}
+
             | 4={{Top_10:LanguageFile|text=xxe|language={{{language}}} }}
             | 5={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
+
             | 5={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }}
             | 6={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
+
             | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
             | 7={{Top_10:LanguageFile|text=insufficientAttackPrevention|language={{{language}}} }}
+
             | 7={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
             | 8={{Top_10:LanguageFile|text=csrf|language={{{language}}} }}
+
             | 8={{Top_10:LanguageFile|text=insecureDeserialization|language={{{language}}} }}
             | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
+
             | 9={{#switch: {{{type}}}
             | 10={{Top_10:LanguageFile|text=underprotectedAPIs|language={{{language}}} }}
+
                | short  ={{Top_10:LanguageFile|text=vulnComponents|language={{{language}}} }}
 +
                | #default={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
 +
                }}
 +
             | 10={{Top_10:LanguageFile|text=insufficientLoggingMonitoring|language={{{language}}} }}
 
             | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 
             | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 
         }}
 
         }}

Latest revision as of 14:38, 7 January 2018

Usage:

 {{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}
<!-- the 'type=short' is opional (used for '+RF') --->


Example:

 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 {{Top_10_2010:ByTheNumbers|2|year=2013}}             <!-- Default-Language = English --->
 {{Top_10_2010:ByTheNumbers|2|language=de}}           <!-- Default-Year = 2010 --->
 {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}  <!-- Type = short --->


Number English 2010 German 2010 English 2013 German 2013 English 2017
1 Injection Injection Injection Injection Injection
2 Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Broken Authentication
3 Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Sensitive Data Exposure
4 Insecure Direct Object References Unsichere direkte Objektreferenzen Insecure Direct Object References Unsichere direkte Objektreferenzen XML External Entities (XXE)
5 Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Broken Access Control
6 Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Sensitive Data Exposure Verlust der Vertraulichkeit sensibler Daten Security Misconfiguration
7 Insecure Cryptographic Storage Kryptografisch unsichere Speicherung Missing Function Level Access Control Fehlerhafte Autorisierung auf Anwendungsebene Cross-Site Scripting (XSS)
8 Failure to Restrict URL Access Mangelhafter URL-Zugriffsschutz Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Insecure Deserialization
9 Insufficient Transport Layer Protection Unzureichende Absicherung der Transportschicht Using Components with Known Vulnerabilities Nutzung von Komponenten mit bekannten Schwachstellen Using Components with Known Vulnerabilities (short: Vulnerable Components)
10 Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Insufficient Logging&Monitoring
11 In Progress In Arbeit In Progress In Arbeit In Progress