
Difference between revisions of "Template:Top 10 2010:ByTheNumbers"

(OWASP Top 10-2017 Release)
Line 102: Line 102:
 
         {{#switch: {{{1}}}
 
         {{#switch: {{{1}}}
 
             | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
 
             | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
             | 2={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }}
+
             | 2={{Top_10:LanguageFile|text=brokenAuth|language={{{language}}} }}
             | 3={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
+
             | 3={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
             | 4={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }}
+
             | 4={{Top_10:LanguageFile|text=xxe|language={{{language}}} }}
             | 5={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
+
             | 5={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }}
             | 6={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
+
             | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
             | 7={{Top_10:LanguageFile|text=insufficientAttackPrevention|language={{{language}}} }}
+
             | 7={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
             | 8={{Top_10:LanguageFile|text=csrf|language={{{language}}} }}
+
             | 8={{Top_10:LanguageFile|text=insecureDeserialization|language={{{language}}} }}
 
             | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
 
             | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
             | 10={{Top_10:LanguageFile|text=underprotectedAPIs|language={{{language}}} }}
+
             | 10={{Top_10:LanguageFile|text=insufficientLoggingMonitoring|language={{{language}}} }}
 
             | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 
             | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 
         }}
 
         }}
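
Review bot: Entries 2 through 8 and 10 of this `#switch` are overwritten in place, so any page that already transcludes this branch by number renders a different risk title after the edit (3 changes from `xss` to `sensitiveDataExposure`, 7 from `insufficientAttackPrevention` to `xss`, 8 from `csrf` to `insecureDeserialization`). The edit summary marks this as the Top 10-2017 release, so the renumbering looks intended, but existing callers of those numbers should be checked before relying on it. The newly referenced keys `brokenAuth`, `xxe`, `insecureDeserialization` and `insufficientLoggingMonitoring` need matching entries in `Top_10:LanguageFile` for every supported `language` value, and nothing in this hunk shows that they exist. The template documentation also lists only an English 2017 column, so it should state whether `language=de` is expected to work for 2017.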

Revision as of 23:56, 11 December 2017

Usage:

 {{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}} }}


Example:

 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 {{Top_10_2010:ByTheNumbers|2|year=2013}}   <!-- Default-Language = English --->
 {{Top_10_2010:ByTheNumbers|2|language=de}} <!-- Default-Year = 2010 --->


| Number | English 2010 | German 2010 | English 2013 | German 2013 | English 2017 |
|---|---|---|---|---|---|
| 1 | Injection | Injection | Injection | Injection | Injection |
| 2 | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Broken Authentication |
| 3 | Broken Authentication and Session Management | Fehler in Authentifizierung und Session-Management | Cross-Site Scripting (XSS) | Cross-Site Scripting (XSS) | Sensitive Data Exposure |
| 4 | Insecure Direct Object References | Unsichere direkte Objektreferenzen | Insecure Direct Object References | Unsichere direkte Objektreferenzen | XML External Entities (XXE) |
| 5 | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Broken Access Control |
| 6 | Security Misconfiguration | Sicherheitsrelevante Fehlkonfiguration | Sensitive Data Exposure | Verlust der Vertraulichkeit sensibler Daten | Security Misconfiguration |
| 7 | Insecure Cryptographic Storage | Kryptografisch unsichere Speicherung | Missing Function Level Access Control | Fehlerhafte Autorisierung auf Anwendungsebene | Cross-Site Scripting (XSS) |
| 8 | Failure to Restrict URL Access | Mangelhafter URL-Zugriffsschutz | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) | Insecure Deserialization |
| 9 | Insufficient Transport Layer Protection | Unzureichende Absicherung der Transportschicht | Using Components with Known Vulnerabilities | Nutzung von Komponenten mit bekannten Schwachstellen | Using Components with Known Vulnerabilities |
| 10 | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Unvalidated Redirects and Forwards | Ungeprüfte Um- und Weiterleitungen | Insufficient Logging&Monitoring |
| 11 | In Progress | In Arbeit | In Progress | In Arbeit | In Progress |