Difference between revisions of "Germany/Projekte/Top 10 fuer Entwickler-2013/Details zu Risiko-Faktoren"

Revision as of 09:21, 4 July 2013

TEST-TEST TEST -- Seite in Bearbeitung (BAUSTELLE!!) TEST-TEST TEST

Es geht nicht um Schwachstellen, sondern um Risiken

RISIKO	Bedrohungsquellen	Angriffsvektoren	Schwachstellen (Verbreitung)	Schwachstellen (Auffindbarkeit)	Technische Auswirkung	Auswirkung auf das Unternehmen
A1 Injection	?	EINFACH	HÄUFIG	DURCHSCHNITTLICH	SCHWERWIEGEND	?
A2 Authentifizierung	?	DURCHSCHNITTLICH	SEHR HÄUFIG	DURCHSCHNITTLICH	SCHWERWIEGEND	?
A3 XSS	?	DURCHSCHNITTLICH	AUSSERGEWÖHNLICH HÄUFIG	EINFACH	MITTEL	?
A4 Unsichere direkte Objektreferenzen	?	EINFACH	HÄUFIG	EINFACH	MITTEL	?
A5 Fehlkonfiguration	?	EINFACH	HÄUFIG	EINFACH	MITTEL	?
A6 Sens. Data	?	SCHWIERIG	SELTEN	DURCHSCHNITTLICH	SCHWERWIEGEND	?
A7 Fehlerh. Autorisierung	?	EINFACH	HÄUFIG	DURCHSCHNITTLICH	MITTEL	?
A8 CSRF	?	DURCHSCHNITTLICH	HÄUFIG	EINFACH	MITTEL	?
A9 Komponenten mit Schwachstellen	?	DURCHSCHNITTLICH	SEHR HÄUFIG	SCHWIERIG	MITTEL	?
A10 Ungepr. Weiterltg.	?	DURCHSCHNITTLICH	SELTEN	EINFACH	MITTEL	?

Weitere zu betrachtende Risiken

Clickjacking
Concurrency Flaws
Denial of Service (Was 2004 Top 10 – Entry 2004-A9)
Expression Language Injection
Information Leakage and Improper Error Handling (Was part of 2007 Top 10 – Entry 2007-A6)
Insufficient Anti-automation
Insufficient Logging and Accountability (Related to 2007 Top 10 – Entry 2007-A6)
Lack of Intrusion Detection and Response
Malicious File Execution (Was 2007 Top 10 – Entry 2007-A3)
Mass Assignment
User Privacy

← Top 10 fuer Entwickler/Anmerkungen zum Risikobegriff

Top 10 fuer Entwickler-2013: Inhaltsverzeichnis

Die Top-10-Risiken

@@ Line 8: / Line 8: @@
 {{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=itsAboutRisksNotWeaknesses|language=de}}|width=100%|year=2013}}
-===!!2013!!=== => Links funktionieren nur für A1, A4 & A10!!! => tbd <!---- temporär --->
 <center>
 <table style="align:center; border-collapse: collapse; text-align:center; margin: 0px 5px 0px 5px; border: 3px solid #444444;
@@ Line 24: / Line 23: @@
 </tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}|A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A1-{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}|A1 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A2 {{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2 {{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A2-{{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2 {{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=2|impact=1|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A3 {{Top_10_2010:ByTheNumbers|3|language=de|year=2013}}|A3 {{Top_10:LanguageFile|text=xssShort|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A3-{{Top_10_2010:ByTheNumbers|3|language=de|year=2013}}|A3 {{Top_10:LanguageFile|text=xssShort|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=1|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A4 {{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4 {{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>?</b></td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A4-{{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4 {{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A5 {{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5 {{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A5-{{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5 {{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A6 {{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6 {{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A6-{{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6 {{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A7 {{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7 {{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A7-{{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7 {{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A8 {{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8 {{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A8-{{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8 {{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=1|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A9 {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9 {{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A9-{{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9 {{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=3|impact=2|language=de|year=2013}}
 <td style="border: 3px solid #444444"><b>?</b></td></tr>
-<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}A10 {{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10 {{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td>
+<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10DeveloperEdition|year=2013|language=de}}/A10-{{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10 {{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td>
 <td style="border: 3px solid #444444;"><b>?</b></td>
    {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=de|year=2013}}

Difference between revisions of "Germany/Projekte/Top 10 fuer Entwickler-2013/Details zu Risiko-Faktoren"

Revision as of 09:21, 4 July 2013

TEST-TEST TEST -- Seite in Bearbeitung (BAUSTELLE!!) TEST-TEST TEST

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools