Difference between revisions of "Germany/Projekte/Top 10-2013-Details zu Risiko-Faktoren"
(Import from the English wiki, with language=de)
(Final update according to the German translation of the Top 10)
Line 10: | Line 10: | ||
{{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=top10RiskFactorSummary|language=de}}|width=100%|year=2013|language=de}} | {{Top_10:SubsectionTableBeginTemplate|type=main}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=firstWhole|title={{Top_10:LanguageFile|text=top10RiskFactorSummary|language=de}}|width=100%|year=2013|language=de}} | ||
− | + | Die folgende Tabelle stellt eine Zusammenfassung der Top 10 Risiken für die Anwendungssicherheit in der Version des Jahres | |
+ | 2013 und der dazugehörigen Risiko-Faktoren dar. Diese Faktoren wurden durch verfügbare Statistiken und die Erfahrung des | ||
+ | OWASP Top 10 Teams bestimmt. Um diese Risiken für eine bestimmte Anwendung oder Organisation zu verstehen, muss der | ||
+ | geneigte Leser seine eigenen, <u>spezifischen Bedrohungsquellen und Auswirkungen auf sein Unternehmen</u> in Betracht ziehen. | ||
+ | Selbst eklatante Software-Schwachstellen müssen nicht zwangsläufig ein ernsthaftes Risiko darstellen, wenn es z.B. keine | ||
+ | Bedrohungsquellen gibt, die den notwendigen Angriff ausführen können oder die tatsächlichen Auswirkungen auf das | ||
+ | Unternehmen und die Geschäftsprozesse zu vernachlässigen sind. | ||
<center> | <center> | ||
Line 30: | Line 36: | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=1|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A2-{{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2-{{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A2-{{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}|A2-{{Top_10:LanguageFile|text=authentication|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=2|impact=1|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=2|impact=1|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
Line 41: | Line 47: | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=1|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=0|detectability=1|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A4-{{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4-{{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A4-{{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}|A4-{{Top_10:LanguageFile|text=insecureDOR|year=2013|language=de}}]]</td><td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A5-{{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5-{{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A5-{{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}|A5-{{Top_10:LanguageFile|text=misconfig|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A6-{{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6-{{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A6-{{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}|A6-{{Top_10:LanguageFile|text=sensData|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=3|prevalence=3|detectability=2|impact=1|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A7-{{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7-{{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A7-{{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}|A7-{{Top_10:LanguageFile|text=functionAcc|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=1|prevalence=2|detectability=2|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A8-{{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8-{{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A8-{{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}|A8-{{Top_10:LanguageFile|text=csrfShort|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=2|detectability=1|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A9-{{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9-{{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A9-{{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}|A9-{{Top_10:LanguageFile|text=vulnComponents|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=3|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=1|detectability=3|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
<tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A10-{{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10-{{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td> | <tr><td style="border: 3px solid #444444;">[[{{Top_10:LanguageFile|text=documentRootTop10|year=2013|language=de}}-A10-{{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}|A10-{{Top_10:LanguageFile|text=unvalRedirects|year=2013|language=de}}]]</td> | ||
<td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | <td style="border: 3px solid #444444;"><b>{{Top_10:LanguageFile|text=appSpecific|language=de}}</b></td> | ||
{{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=de|year=2013}} | {{Top_10:SummaryTableTemplate|type=valueOnly|exploitability=2|prevalence=3|detectability=1|impact=2|language=de|year=2013}} | ||
− | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text= | + | <td style="border: 3px solid #444444"><b>{{Top_10:LanguageFile|text=appBusinessSpecific|language=de}}</b></td></tr> |
</table></center> <!-- End risk table --> | </table></center> <!-- End risk table --> | ||
Line 81: | Line 87: | ||
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=whole|title={{Top_10:LanguageFile|text=additionalRisksToConsider|language=de}}|width=100%|year=2013|language=de}} | {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=freetext|position=whole|title={{Top_10:LanguageFile|text=additionalRisksToConsider|language=de}}|width=100%|year=2013|language=de}} | ||
− | + | Die Top 10 deckt bereits sehr viele Problemfelder ab. Es gibt dennoch weitere Risiken, die man in Betracht ziehen und im | |
+ | jeweiligen Unternehmen oder der Organisation evaluieren sollte. Einige von diesen waren schon in früheren Versionen der Top | ||
+ | 10 enthalten, andere nicht - wie z.B. neue Angriffs-Techniken. Andere wichtige Risiken sind (in alphabetischer Reihenfolge): | ||
* [https://www.owasp.org/index.php/Clickjacking Clickjacking] | * [https://www.owasp.org/index.php/Clickjacking Clickjacking] | ||
* [https://www.owasp.org/index.php/Testing_for_Race_Conditions_(OWASP-AT-010) Concurrency Flaws] | * [https://www.owasp.org/index.php/Testing_for_Race_Conditions_(OWASP-AT-010) Concurrency Flaws] | ||
− | * [https://www.owasp.org/index.php/Application_Denial_of_Service Denial of Service] ( | + | * [https://www.owasp.org/index.php/Application_Denial_of_Service Denial of Service] (war in der 2004 OWASP Top 10 als Eintrag 2004-A9 enthalten) |
* [https://www.aspectsecurity.com/uploads/downloads/2011/09/ExpressionLanguageInjection.pdf Expression Language Injection] ([http://cwe.mitre.org/data/definitions/917.html CWE-917]) | * [https://www.aspectsecurity.com/uploads/downloads/2011/09/ExpressionLanguageInjection.pdf Expression Language Injection] ([http://cwe.mitre.org/data/definitions/917.html CWE-917]) | ||
− | * [http://projects.webappsec.org/Information-Leakage Information Leakage] | + | * [http://projects.webappsec.org/Information-Leakage Information Leakage] und [https://www.owasp.org/index.php/Top_10_2007-A6 Improper Error Handling] ( (war Teil der 2007er Top 10 – [https://www.owasp.org/index.php/Top_10_2007-A6 Eintrag 2007-A6]) |
− | * [http://projects.webappsec.org/Insufficient+Anti-automation | + | * [http://projects.webappsec.org/Insufficient+Anti-automation Insufficient Anti-automation] ([http://cwe.mitre.org/data/definitions/799.html CWE-799]) |
− | * Insufficient Logging and Accountability ( | + | * Insufficient Logging and Accountability ((floss in 2007 Top 10 – [https://www.owasp.org/index.php/Top_10_2007-A6 Eintrag 2007-A6]) |
* [https://www.owasp.org/index.php/ApplicationLayerIntrustionDetection Lack of Intrusion Detection and Response] | * [https://www.owasp.org/index.php/ApplicationLayerIntrustionDetection Lack of Intrusion Detection and Response] | ||
− | * [https://www.owasp.org/index.php/Top_10_2007-A3 Malicious File Execution] ( | + | * [https://www.owasp.org/index.php/Top_10_2007-A3 Malicious File Execution] (war in 2007er Top 10 – [https://www.owasp.org/index.php/Top_10_2007-A3 Eintrag 2007-A3]) |
* [http://en.wikipedia.org/wiki/Mass_assignment_vulnerability Mass Assignment] ([http://cwe.mitre.org/data/definitions/915.html CWE-915]) | * [http://en.wikipedia.org/wiki/Mass_assignment_vulnerability Mass Assignment] ([http://cwe.mitre.org/data/definitions/915.html CWE-915]) | ||
− | * [https://www.owasp.org/index.php/Privacy_Violation User Privacy] | + | * [https://www.owasp.org/index.php/Privacy_Violation User Privacy], vgl auch [[OWASP Top 10 Privacy Risks Project|OWASP Top 10 Privacy Risks]]-Projekt |
{{Top_10:SubsectionTableEndTemplate}} | {{Top_10:SubsectionTableEndTemplate}} |
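Review bot: two of the added list entries carry a doubled opening parenthesis: "( (war Teil der 2007er Top 10" in the Information Leakage line and "((floss in 2007 Top 10" in the Insufficient Logging and Accountability line; in the latter, "floss" also departs from the "war in ..." phrasing the neighbouring entries use and reads like a typo. Suggest "(war Teil der 2007er Top 10 – [...] Eintrag 2007-A6)" for both, and "vgl. auch" (with the period) in the User Privacy entry.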
Revision as of 17:39, 27 February 2016
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
Summary of the Top 10 Risk Factors
The following table summarises the Top 10 application security risks of the 2013 edition and their associated risk factors. These factors were determined from available statistics and the experience of the OWASP Top 10 team. To understand these risks for a particular application or organisation, the reader must consider their own specific threat agents and business impacts. Even blatant software weaknesses do not necessarily pose a serious risk if, for example, there are no threat agents able to carry out the required attack, or if the actual impact on the business and its processes is negligible.
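The paragraph's point, that the generic factor ratings only become a risk once an organisation adds its own threat agents and business impact, can be made concrete. This is an added example, not part of the wiki page or the Top 10 project: the per-item factor values are copied from the page's 2013 summary table (scale assumed as in that edition: 1 = easiest / most severe, 3 = hardest / minor, prevalence 0 = very widespread; the A1 and A3 titles are the 2013 edition's), while the likelihood x impact combination and its weights are this example's own.

```python
"""Re-rating the OWASP Top 10 2013 risk factors for one organisation.

Added example, not code from the wiki page. The two organisation inputs are
the ones the text says each reader must supply: the capability of the threat
agents actually facing the application, and the business impact of a
successful attack. Both are 0 (none / negligible) .. 3 (high).
"""
from statistics import mean

# (exploitability, prevalence, detectability, technical impact) per item,
# copied from the page's risk table; A1/A3 titles from the 2013 edition.
TOP10_2013 = {
    "A1-Injection":                         (1, 2, 2, 1),
    "A2-Broken Authentication":             (2, 1, 2, 1),
    "A3-Cross-Site Scripting":              (2, 0, 1, 2),
    "A4-Insecure Direct Object References": (1, 2, 1, 2),
    "A5-Security Misconfiguration":         (1, 2, 1, 2),
    "A6-Sensitive Data Exposure":           (3, 3, 2, 1),
    "A7-Missing Function Level Access Ctl": (1, 2, 2, 2),
    "A8-CSRF":                              (2, 2, 1, 2),
    "A9-Known Vulnerable Components":       (2, 1, 3, 2),
    "A10-Unvalidated Redirects/Forwards":   (2, 3, 1, 2),
}


def severity(value: int) -> int:
    """Flip the table scale so that a higher number means worse (0..3)."""
    return 3 - value


def org_risk(item: str, threat_agent: int, business_impact: int) -> float:
    """Organisation-specific risk for one Top 10 item, 0.0 .. 9.0.

    likelihood = how capable the real threat agents are, scaled by how easy
    the weakness is to find and exploit and how widespread it is;
    impact = the business impact scaled by the generic technical impact.
    A zero in either organisation input yields zero risk, which is exactly
    the page's point: a blatant weakness is no serious risk without an agent
    able to attack it or without a business consequence worth mentioning.
    (Weights are this example's own assumption, not the Top 10's.)
    """
    ex, pr, de, ti = TOP10_2013[item]
    likelihood = threat_agent * mean(severity(v) for v in (ex, pr, de)) / 3
    impact = business_impact * severity(ti) / 3
    return round(likelihood * impact, 2)


def rank(profile: dict) -> list:
    """profile maps item -> (threat_agent, business_impact).
    Returns (item, risk) pairs, highest organisation-specific risk first."""
    scored = [(item, org_risk(item, ta, bi)) for item, (ta, bi) in profile.items()]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)
```

With a constructed profile in which an internal reporting application has no reachable threat agent for redirects but handles payment data, A10 drops to zero while A6 keeps its weight regardless of its low generic exploitability.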
[Risk table for A1 to A10 (threat agents, exploitability, prevalence, detectability, technical impact, business impact); the cell contents did not survive extraction.]
Further Risks to Consider
The Top 10 already covers a great many problem areas. There are nevertheless further risks that should be considered and evaluated within each company or organisation. Some of these were already part of earlier versions of the Top 10, others were not, such as new attack techniques. Other important risks are (in alphabetical order):