This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP Source Code Flaws Top 10 Project Index"
From OWASP
| Line 3: | Line 3: | ||
{| border='1' cellpadding='2' | {| border='1' cellpadding='2' | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C1|C1 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C1|C1 - Design Weakness]] |
| − | |A | + | |A design weakness occurs when your business logic isn't strong enough to a threat modeling activity so it may be easy for an attacker to subvert your application behavior. Design is also about objects scope and visibility so extra care must be taken to what your program expose to others. |
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C2|C2 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C2|C2 - Architectural Weakness]] |
| − | | | + | |Your application at runtime is not a standalone part of the entire world, it depends over auxiliary system. An architectural weakness occurs when your code interact in a non safe way to auxiliary systems. |
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C3|C3 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C3|C3 - Missing input validation]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C4|C4 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C4|C4 - Insecure communications]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C5|C5 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C5|C5 - Information leakage and improper error handling]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C6|C6 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C6|C6 - Direct object reference]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C7|C7 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C7|C7 - Misuse of local resources]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C8|C8 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C8|C8 - Usage of potentially dangerous APIs]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C9|C9 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C9|C9 - Documentation weakness]] |
|A | |A | ||
|- | |- | ||
| − | |[[Source_Code_Flaws_Top_10_2009-C10|C10 - ]] | + | |[[Source_Code_Flaws_Top_10_2009-C10|C10 - Best practices violation]] |
|A | |A | ||
|} | |} | ||
'''<center>Table 1: Top 10 Source code flaws for 2009</center>''' | '''<center>Table 1: Top 10 Source code flaws for 2009</center>''' | ||
Revision as of 11:16, 15 December 2008
The OWASP Source Code Flaws Top 10
| C1 - Design Weakness | A design weakness occurs when your business logic isn't strong enough to a threat modeling activity so it may be easy for an attacker to subvert your application behavior. Design is also about objects scope and visibility so extra care must be taken to what your program expose to others. |
| C2 - Architectural Weakness | Your application at runtime is not a standalone part of the entire world, it depends over auxiliary system. An architectural weakness occurs when your code interact in a non safe way to auxiliary systems. |
| C3 - Missing input validation | A |
| C4 - Insecure communications | A |
| C5 - Information leakage and improper error handling | A |
| C6 - Direct object reference | A |
| C7 - Misuse of local resources | A |
| C8 - Usage of potentially dangerous APIs | A |
| C9 - Documentation weakness | A |
| C10 - Best practices violation | A |
This category currently contains no pages or media.
