Top 10 2013-A2-Broken Authentication and Session Management
From OWASP
Revision as of 20:00, 10 February 2013 by Neil Smithline (talk | contribs) (Created page with "= TEMPORARY PLACEHOLDER for 2013 T10 = {{Top_10_2013:TopTemplate|usenext=2013NextLink|next={{Top_10_2010:ByTheNumbers|1|year=2013}}(XSS)|useprev=2013PrevLink|prev=A1-Injectio...")
TEMPORARY PLACEHOLDER for 2013 T10
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
Threat Agents | Attack Vectors | Security Weakness | | Technical Impacts | Business Impacts |
---|---|---|---|---|---|
Application Specific | Exploitability EASY | Prevalence COMMON | Detectability AVERAGE | Impact SEVERE | Application / Business Specific |
blank. | blank | blank | blank | blank |
Am I Vulnerable To 'Cross-Site Scripting (XSS)'?
blank |
How Do I Prevent 'Cross-Site Scripting (XSS)'?
blank
|
Example Attack Scenarios
blank blank code
blank http://example.com/app/accountView?id=' or '1'='1
blank |
References
OWASP External |
aaa Cross-Site Scripting (XSS) bbb