This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Top 10 2013-A5-Security Misconfiguration
From OWASP
Revision as of 20:24, 10 February 2013 by Neil Smithline (talk | contribs) (Created page with "= TEMPORARY PLACEHOLDER for 2013 T10 = {{Top_10_2013:TopTemplate |usenext=2013NextLink |next={{Top_10_2010:ByTheNumbers |6 |year=2013}} ...")
TEMPORARY PLACEHOLDER for 2013 T10
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
[[Top 10 {{{year}}}-Insecure Direct Object References|← Insecure Direct Object References]] | [[Top_10_{{{year}}}-Top 10|{{{year}}} Top 10 List]] |
[[Top 10 {{{year}}}-Sensitive Data Exposure|Sensitive Data Exposure →]] |
Threat Agents | Attack Vectors | Security Weakness | Technical Impacts | Business Impacts | |
---|---|---|---|---|---|
Application Specific | Exploitability EASY |
Prevalence COMMON |
Detectability AVERAGE |
Impact SEVERE |
Application / Business Specific |
blank. | blank | blank | blank | blank |
Am I Vulnerable To 'Security Misconfiguration'?
blank |
How Do I Prevent 'Security Misconfiguration'?
blank
|
Example Attack Scenarios
blank blank code
blank http://example.com/app/accountView?id=' or '1'='1
blank |
References
OWASP External |
[[Top 10 {{{year}}}-Insecure Direct Object References|← Insecure Direct Object References]] | [[Top_10_{{{year}}}-Top 10|{{{year}}} Top 10 List]] |
[[Top 10 {{{year}}}-Sensitive Data Exposure|Sensitive Data Exposure →]] |