This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Top 10/Mapping to WHID"
From OWASP
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | Here is a mapping of the [[ | + | Here is a mapping of the [[https://www.owasp.org/index.php/Top_10_2013 | OWASP Top 10 - 2013]] to example real world entries in the [https://www.owasp.org/index.php/OWASP_WASC_Web_Hacking_Incidents_Database_Project OWASP/WASC Web Hacking Incident Database (WHID)]: |
* A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5 | * A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5 | ||
| − | * A2: | + | * A2: Broken Authentication and Session Management - https://www.google.com/fusiontables/DataSource?snapid=S1536601kboC |
| − | * A3: | + | * A3: Cross-site Scripting - https://www.google.com/fusiontables/DataSource?snapid=S856202bP-1 |
* A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz | * A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz | ||
| − | * A5: | + | * A5: Security Misconfiguration - http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA |
| − | * A6: | + | * A6: Sensitive Data Exposure - http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM |
| − | * | + | * A7: Missing Function Level Access Control - http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt |
| − | * A9: | + | * A8: Cross-site Request Forgery - https://www.google.com/fusiontables/DataSource?snapid=S856204sdBi |
| + | * A9: Using Components with Known Vulnerabilities - https://www.google.com/fusiontables/DataSource?snapid=S1536701c0JG | ||
* A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5 | * A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5 | ||
Latest revision as of 19:50, 12 March 2015
Here is a mapping of the [| OWASP Top 10 - 2013] to example real world entries in the OWASP/WASC Web Hacking Incident Database (WHID):
- A1: Injection - http://www.google.com/fusiontables/DataSource?snapid=S2086702IR5
- A2: Broken Authentication and Session Management - https://www.google.com/fusiontables/DataSource?snapid=S1536601kboC
- A3: Cross-site Scripting - https://www.google.com/fusiontables/DataSource?snapid=S856202bP-1
- A4: Insecure Direct Object Reference - http://www.google.com/fusiontables/DataSource?snapid=S208914Efwz
- A5: Security Misconfiguration - http://www.google.com/fusiontables/DataSource?snapid=S208909HtmA
- A6: Sensitive Data Exposure - http://www.google.com/fusiontables/DataSource?snapid=S2089112yxM
- A7: Missing Function Level Access Control - http://www.google.com/fusiontables/DataSource?snapid=S208910u7mt
- A8: Cross-site Request Forgery - https://www.google.com/fusiontables/DataSource?snapid=S856204sdBi
- A9: Using Components with Known Vulnerabilities - https://www.google.com/fusiontables/DataSource?snapid=S1536701c0JG
- A10: Unvalidated Redirects and Forwards - http://www.google.com/fusiontables/DataSource?snapid=S2089124qF5
