CRV2 FrameworkSpecIssuesASPTop10
From OWASP
Revision as of 20:54, 23 July 2013 by Johanna Curiel
Using OWASP TOP 10 as your guideline
The OWASP TOP 10 is a detailed list of the highest security risks that web applications face. It helps us identify the most critical security threats facing organizations. Performing a code review efficiently requires a model or framework that helps us identify these issues quickly. Consequently, the OWASP TOP 10 is one of the guides that provides us with the necessary information to carry out a proper code review.
Applying OWASP TOP 10 to ASP.NET code review
The following table lists the OWASP TOP 10 - 2013 risks and how you can apply each of them during your code review.
| OWASP TOP 10 risk | Description | What to look for in the code |
|---|---|---|
| A1 Injection | Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. | |
| A2 Broken Authentication and Session Management | Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities. | |
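As an added example for the A1 row (not code from the page), the concatenated query a reviewer should flag in ASP.NET code, alongside its parameterized replacement; the Users table, its columns and the ExampleDb connection-string name are assumed for illustration:

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added illustration for the A1 row. The "Users" table, its columns and the
// connection-string name are assumed for this example, not taken from the page.
public static class UserLookup
{
    // Pattern to flag in review: request input is concatenated into the command text,
    // so the input can change the structure of the query the database interpreter runs.
    public static DataTable FindUserUnsafe(string connectionString, string userName)
    {
        string sql = "SELECT Id, Email FROM Users WHERE UserName = '" + userName + "'";
        return Run(connectionString, sql, null);
    }

    // Corrected form: the command text is fixed and the value travels as a typed
    // parameter, so the interpreter never parses the input as SQL.
    public static DataTable FindUserSafe(string connectionString, string userName)
    {
        const string sql = "SELECT Id, Email FROM Users WHERE UserName = @userName";
        var p = new SqlParameter("@userName", SqlDbType.NVarChar, 256) { Value = userName };
        return Run(connectionString, sql, p);
    }

    private static DataTable Run(string connectionString, string sql, SqlParameter p)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            if (p != null) cmd.Parameters.Add(p);
            var table = new DataTable();
            adapter.Fill(table); // the adapter opens and closes the connection itself
            return table;
        }
    }
}

// In a Web Forms page the untrusted value typically arrives via Request.QueryString
// or a form control; only the parameterized lookup should be reachable from it.
public partial class UserPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string cs = System.Configuration.ConfigurationManager
            .ConnectionStrings["ExampleDb"].ConnectionString; // "ExampleDb" is a placeholder
        string userName = Request.QueryString["user"] ?? string.Empty;
        DataTable result = UserLookup.FindUserSafe(cs, userName);
        // ... bind result to a GridView or similar control
    }
}
```

When reviewing, search for SqlCommand text built with string concatenation, String.Format or interpolation from Request, Session or control values; the parameterized form is what should remain.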