This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Template:Top 10 2010:ByTheNumbers"
From OWASP
(OWASP Top 10-2017 Release) |
|||
Line 102: | Line 102: | ||
{{#switch: {{{1}}} | {{#switch: {{{1}}} | ||
| 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }} | | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }} | ||
− | | 2={{Top_10:LanguageFile|text= | + | | 2={{Top_10:LanguageFile|text=brokenAuth|language={{{language}}} }} |
− | | 3={{Top_10:LanguageFile|text= | + | | 3={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }} |
− | | 4={{Top_10:LanguageFile|text= | + | | 4={{Top_10:LanguageFile|text=xxe|language={{{language}}} }} |
− | | 5={{Top_10:LanguageFile|text= | + | | 5={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }} |
− | | 6={{Top_10:LanguageFile|text= | + | | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }} |
− | | 7={{Top_10:LanguageFile|text= | + | | 7={{Top_10:LanguageFile|text=xss|language={{{language}}} }} |
− | | 8={{Top_10:LanguageFile|text= | + | | 8={{Top_10:LanguageFile|text=insecureDeserialization|language={{{language}}} }} |
| 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }} | | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }} | ||
− | | 10={{Top_10:LanguageFile|text= | + | | 10={{Top_10:LanguageFile|text=insufficientLoggingMonitoring|language={{{language}}} }} |
| 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }} | | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }} | ||
}} | }} |
Revision as of 23:56, 11 December 2017
Usage:
{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}} }}
Example:
{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}} {{Top_10_2010:ByTheNumbers|2|year=2013}} <!-- Default-Language = English ---> {{Top_10_2010:ByTheNumbers|2|language=de}} <!-- Default-Year = 2010 --->
Number | English 2010 | German 2010 | English 2013 | German 2013 | English 2017 |
---|---|---|---|---|---|
1 | Injection | Injection | Injection | Injection | Injection |
2 | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Broken Authentication |
3 | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Sensitive Data Exposure |
4 | Insecure Direct Object References | Unsichere direkte Objektreferenzen | Insecure Direct Object References | Unsichere direkte Objektreferenzen | XML External Entities (XXE) |
5 | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Broken Access Control |
6 | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Sensitive Data Exposure | Verlust der Vertraulichkeit sensibler Daten | Security Misconfiguration |
7 | Insecure Cryptographic Storage | Kryptografisch unsichere Speicherung | Missing Function Level Access Control | Fehlerhafte Autorisierung auf Anwendungsebene | Cross-Site Scripting (XSS) |
8 | Failure to Restrict URL Access | Mangelhafter URL-Zugriffsschutz | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Insecure Deserialization |
9 | Insufficient Transport Layer Protection | Unzureichende Absicherung der Transportschicht | Using Components with Known Vulnerabilities | Nutzung von Komponenten mit bekannten Schwachstellen | Using Components with Known Vulnerabilities |
10 | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Insufficient Logging&Monitoring |
11 | In Progress | In Arbeit | In Progress | In Arbeit | In Progress |