This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Top 10 2010-Main
From OWASP
Revision as of 22:20, 15 April 2010 by Neil Smithline (talk | contribs) (→OWASP Top 10 Application Security Risks 2010)
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
«««« | Top 10 Risks |
»»»» |
OWASP Top 10 Application Security Risks 2010
A1-Injection | Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. |
A2-Cross Site Scripting (XSS) |
|
A3- Broken Authentication and Session Management |
|
A4-Insecure Direct Object References |
|
A5-Cross Site Request Forgery (CSRF) |
|
A6-Security Misconfiguration |
|
A7-Failure to Restrict URL Access |
|
A8-Unvalidated Redirects and Forwards |
|
A9-Insecure Cryptographic Storage |
|
A10-Insufficient Transport Layer Protection |
|
«««« | Top 10 Risks |
»»»» |