
Difference between revisions of "Editing:Top 10 2007"

Line 2: Line 2:
 
This page is intended as an aid to editors of the 2007 Top 10 Vulnerabilities list.
 
This page is intended as an aid to editors of the 2007 Top 10 Vulnerabilities list.
  
Please help grow this page.
+
Please help this page grow.
  
  
Line 75: Line 75:
 
|References
 
|References
 
|}
 
|}
 +
 +
==Markup Used==
 +
{| border="1" cellpadding="2"
 +
!style="background:#FFFF99"|Markup or Style
 +
!style="background:#FFFF99"|When used
 +
|-
 +
|<nowiki> = </nowiki>
 +
|H1 - Never used in top 10
 +
|-
 +
|<nowiki> == </nowiki>
 +
|H2 - used as main headers within a page. Will be appear in TOC if one is included.
 +
|-
 +
|<nowiki> &lt; and &gt; </nowiki>
 +
|Used instead of &lt; and &gt; when used as strings as compared to HTML tags. Sometimes the Wiki allows &lt; and &gt; to go through without using the escapes but sometimes it does bad things. For example <em><nowiki><b> '''BOLD''' notbold</nowiki></em> actually produces <em><b> '''BOLD''' notbold</em>. Probably not what you want.
 +
|-
 +
|<nowiki> === </nowiki>
 +
|H3 - used as second-level headers within a page. Will not appear in TOC by default.
 +
|-
 +
|<nowiki> __NOTOC__ </nowiki>
 +
|Prevents default display of TOC which happens as soon as there is a total of four or more H1 (shouldn't be used) or H2 headers.
 +
|-
 +
|<nowiki> __TOC__ </nowiki>
 +
|Forces creation of a TOC at that point - even if a TOC would otherwise have not been generated.
 +
|-
 +
|<nowiki> &ldquo; and &rdquo; </nowiki>
 +
|Used as &ldquo;double quote characters&rdquo; where needed.
 +
|-
 +
|<nowiki> &lsquo; and &rsquo; </nowiki>
 +
|Used as &ls;uo;singe quote characters&rsquo; where needed.
 +
|}
 +
  
 
==Template Pages==
 
==Template Pages==
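
Review bot: The last added row of the Markup Used table has a broken entity and a typo: "&ls;uo;singe quote characters" should read "&lsquo;single quote characters". In the H2 row, "Will be appear in TOC" should be "Will appear in the TOC". The entity rows also wrap names such as &lt; and &ldquo; in <nowiki>, which still decodes character entities, so the first column will show the characters themselves rather than the entity names the table is documenting; write the ampersand as &amp; (for example &amp;lt;) in those cells. Finally, the example in the &lt;/&gt; row leaves a literal <b> unclosed outside <nowiki>, so close it or escape it to keep the bold from running on through the rest of the cell.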

Revision as of 14:26, 13 May 2007

Introduction

This page is intended as an aid to editors of the 2007 Top 10 Vulnerabilities list.

Please help this page grow.



Content Pages

| Page Link | Contents of Page |
|---|---|
| Top_10_2007 | The main page. |
| Top 10 2007-Summary | The summary section. |
| Top 10 2007-Methodology | The methodology section. |
| Top 10 2007-Cross Site Scripting, Top 10 2007-A1, Top 10 2007-XSS | A1: XSS vulnerability |
| Top 10 2007-Injection Flaws, Top 10 2007-A2 | A2: Injection Flaws |
| Top 10 2007-Malicious File Execution, Top 10 2007-A3 | A3: Malicious File Execution |
| Top 10 2007-Insecure Direct Object Reference, Top 10 2007-A4 | A4: Insecure Direct Object Reference |
| Top 10 2007-Cross Site Request Forgery, Top 10 2007-A5, Top 10 2007-CSRF | A5: Cross Site Request Forgery |
| Top 10 2007-Information Leakage and Improper Error Handling, Top 10 2007-Improper Error Handling, Top 10 2007-Information Leakage, Top 10 2007-A6 | A6: Information Leakage and Improper Error Handling |
| Top 10 2007-Broken Authentication and Session Management, Top 10 2007-Broken Authentication, Top 10 2007-Session Management, Top 10 2007-A7 | A7: Broken Authentication and Session Management |
| Top 10 2007-Insecure Cryptographic Storage, Top 10 2007-A8 | A8: Insecure Cryptographic Storage |
| Top 10 2007-Insecure Communications, Top 10 2007-A9 | A9: Insecure Communications |
| Top 10 2007-Failure to Restrict URL Access, Top 10 2007-A10 | A10: Failure to Restrict URL Access |
| Top 10 2007-Where to Go From Here | Where to Go From Here |
| Top 10 2007-References | References |

Markup Used

| Markup or Style | When used |
|---|---|
| `=` | H1 - Never used in top 10 |
| `==` | H2 - used as main headers within a page. Will appear in the TOC if one is included. |
| `&lt;` and `&gt;` | Used instead of `<` and `>` when they appear as strings rather than as HTML tags. Sometimes the Wiki allows `<` and `>` to go through without using the escapes, but sometimes it does bad things. For example, `<b> '''BOLD''' notbold` actually produces BOLD notbold. Probably not what you want. |
| `===` | H3 - used as second-level headers within a page. Will not appear in TOC by default. |
| `__NOTOC__` | Prevents default display of the TOC, which happens as soon as there is a total of four or more H1 (shouldn't be used) or H2 headers. |
| `__TOC__` | Forces creation of a TOC at that point, even if a TOC would otherwise not have been generated. |
| `&ldquo;` and `&rdquo;` | Used as “double quote characters” where needed. |
| `&lsquo;` and `&rsquo;` | Used as ‘single quote characters’ where needed. |


Template Pages

| Page Link | Contents of Page |
|---|---|
| Template:Top_10_2007:TopTemplate | Template to produce the top of the page. |
| Template:Top_10_2007:BottomTemplate | Template to produce the bottom of the page. |
| Template:PrevLink | Template to produce the link to the previous page in Template:Top_10_2007:TopTemplate and Template:Top_10_2007:BottomTemplate. |
| Template:MainLink | Template to produce the link to the Top_10_2007 main page in Template:Top_10_2007:TopTemplate and Template:Top_10_2007:BottomTemplate. |
| Template:Nothing | Template that produces nothing. It is used by Template:Top_10_2007:TopTemplate and Template:Top_10_2007:BottomTemplate to produce nothing. For example, Top 10 2007 has neither a previous nor a main link, so the Nothing template is called instead. |
| Template:FIXUP | Template that produces FIXUP notes. The template takes two arguments. The first is a name identifying the user who added the FIXUP tag (it could be a full name, username, or initials; it is simply for identification). The second is a comment about what needs to be fixed up. For example, `{{FIXUP\|Neil Smithline\|Demo of FIXUP}}` produces "FIXUP: {{{1}}}: {{{2}}}". |

General Wiki Help

See Help:Contents.

About Templates

Before doing anything with the templates I strongly suggest you have familiarity with Wikipedia's Template Help and Wikipedia's Advanced Templates Help.