This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Germany/Projekte/Top 10-2013-Neuerungen"
(Import vom engl. Wiki, mit laguage=de) |
m (doppelten Parameter '|useprev' gelöscht) |
||
(One intermediate revision by the same user not shown) | |||
Line 15: | Line 15: | ||
<li>We broadened Failure to Restrict URL Access from the 2010 OWASP Top 10 to be more inclusive: | <li>We broadened Failure to Restrict URL Access from the 2010 OWASP Top 10 to be more inclusive: | ||
<p style="padding-left: 2em; text-indent: -2em;"> | <p style="padding-left: 2em; text-indent: -2em;"> | ||
− | + 2010-A8: Failure to Restrict URL Access is now 2013-A7: Missing Function Level Access Control – to cover all of function level access control. There are many ways to specify which function is being accessed, not just the URL.</p></li> | + | + 2010-A8: Failure to Restrict URL Access is now <u>2013-A7: Missing Function Level Access Control</u> – to cover all of function level access control. There are many ways to specify which function is being accessed, not just the URL.</p></li> |
− | <li>We merged and broadened 2010-A7 & 2010-A9 to CREATE: 2013-A6: Sensitive Data Exposure: | + | <li>We merged and broadened 2010-A7 & 2010-A9 to CREATE: <u>2013-A6: Sensitive Data Exposure</u>: |
<p style="padding-left: 2em; text-indent: -2em;"> | <p style="padding-left: 2em; text-indent: -2em;"> | ||
- This new category was created by merging 2010-A7 – Insecure Cryptographic Storage & 2010-A9 - Insufficient Transport Layer Protection, plus adding browser side sensitive data risks as well. This new category covers sensitive data protection (other than access control which is covered by 2013-A4 and 2013-A7) from the moment sensitive data is provided by the user, sent to and stored within the application, and then sent back to the browser again.</p></li> | - This new category was created by merging 2010-A7 – Insecure Cryptographic Storage & 2010-A9 - Insufficient Transport Layer Protection, plus adding browser side sensitive data risks as well. This new category covers sensitive data protection (other than access control which is covered by 2013-A4 and 2013-A7) from the moment sensitive data is provided by the user, sent to and stored within the application, and then sent back to the browser again.</p></li> | ||
− | <li>We added: 2013-A9: Using Known | + | <li>We added: <u>2013-A9: Using Components with Known Vulnerabilities</u>: |
<p style="padding-left: 2em; text-indent: -2em;"> | <p style="padding-left: 2em; text-indent: -2em;"> | ||
− | + This issue was mentioned as part of 2010-A6 – Security Misconfiguration, but now | + | + This issue was mentioned as part of 2010-A6 – Security Misconfiguration, but now has a category of its own as the growth and depth of component based development has significantly increased the risk of using components with known vulnerabilities.</p></li> |
</ol> | </ol> | ||
{{Top_10:SubsectionTableEndTemplate}} | {{Top_10:SubsectionTableEndTemplate}} | ||
Line 66: | Line 66: | ||
{{Top_10_2013:BottomTemplate | {{Top_10_2013:BottomTemplate | ||
|usenext=2013NextLink | |usenext=2013NextLink | ||
− | |||
|next={{Top_10:LanguageFile|text=risk|year=2013|language=de}} | |next={{Top_10:LanguageFile|text=risk|year=2013|language=de}} | ||
|useprev=2013PrevLink | |useprev=2013PrevLink |
Latest revision as of 20:14, 23 April 2017
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
Was hat sich von Version 2010 zu 2013 verändert?
The threat landscape for applications security constantly changes. Key factors in this evolution are advances made by attackers, the release of new technologies with new weaknesses as well as more built in defenses, and the deployment of increasingly complex systems. To keep pace, we periodically update the OWASP Top 10. In this 2013 release, we made the following changes:
|