This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Template:Top 10 2010:ByTheNumbers"

From OWASP
Jump to: navigation, search
m (Editorial changes (added some spaces))
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{#switch: {{{1}}}
+
<!-------------------------------------------------------->
| Injection
+
<!-- Template:Top 10 2010:ByTheNumbers                  -->
| XSS
+
<!-------------------------------------------------------->
| Broken Authentication and Session Management
+
==='''Usage:''' ===
| Insecure Direct Object References
+
  <nowiki>{{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}</nowiki><br/><nowiki>                                                      <!-- the 'type=short' is opional (used for '+RF') ---></nowiki>
| CSRF
+
<br/>
| Security Misconfiguration
+
=== '''Example:''' ===
| Insecure Cryptographic Storage
+
  <nowiki>{{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
| Failure to Restrict URL Access
+
{{Top_10_2010:ByTheNumbers|2|year=2013}}            <!-- Default-Language = English --->
| Insufficient Transport Layer Protection
+
{{Top_10_2010:ByTheNumbers|2|language=de}}          <!-- Default-Year = 2010 --->
| Unvalidated Redirects and Forwards
+
{{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}  <!-- Type = short ---></nowiki>
}}
+
 
 +
<br/>
 +
{| class="wikitable" cellspacing="1" cellpadding="1" border="1" width="100%;"
 +
|-
 +
! style="min-width: 4%"  |Number
 +
! style="min-width: 24%" |English 2010
 +
! style="min-width: 24%" |German 2010
 +
! style="min-width: 24%" |English 2013
 +
! style="min-width: 24%" |German 2013
 +
! style="min-width: 24%" |English 2017
 +
|-
 +
| 1
 +
| {{Top_10_2010:ByTheNumbers|1}}
 +
| {{Top_10_2010:ByTheNumbers|1|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|1|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|1|year=2017}}
 +
 
 +
|-
 +
| 2
 +
| {{Top_10_2010:ByTheNumbers|2}}
 +
| {{Top_10_2010:ByTheNumbers|2|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|2|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|2|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|2|year=2017}}
 +
|-
 +
| 3
 +
| {{Top_10_2010:ByTheNumbers|3}}
 +
| {{Top_10_2010:ByTheNumbers|3|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|3|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|3|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|3|year=2017}}
 +
|-
 +
| 4
 +
| {{Top_10_2010:ByTheNumbers|4}}
 +
| {{Top_10_2010:ByTheNumbers|4|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|4|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|4|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|4|year=2017}}
 +
|-
 +
| 5
 +
| {{Top_10_2010:ByTheNumbers|5}}
 +
| {{Top_10_2010:ByTheNumbers|5|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|5|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|5|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|5|year=2017}}
 +
|-
 +
| 6
 +
| {{Top_10_2010:ByTheNumbers|6}}
 +
| {{Top_10_2010:ByTheNumbers|6|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|6|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|6|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|6|year=2017}}
 +
|-
 +
| 7
 +
| {{Top_10_2010:ByTheNumbers|7}}
 +
| {{Top_10_2010:ByTheNumbers|7|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|7|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|7|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|7|year=2017}}
 +
|-
 +
| 8
 +
| {{Top_10_2010:ByTheNumbers|8}}
 +
| {{Top_10_2010:ByTheNumbers|8|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|8|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|8|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|8|year=2017}}
 +
|-
 +
| 9
 +
| {{Top_10_2010:ByTheNumbers|9}}
 +
| {{Top_10_2010:ByTheNumbers|9|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|9|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|9|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|9|year=2017}} (short: {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}})
 +
|-
 +
| 10
 +
| {{Top_10_2010:ByTheNumbers|10}}
 +
| {{Top_10_2010:ByTheNumbers|10|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|10|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|10|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|10|year=2017}}
 +
|-
 +
| 11
 +
| {{Top_10_2010:ByTheNumbers|11}}
 +
| {{Top_10_2010:ByTheNumbers|11|language=de}}
 +
| {{Top_10_2010:ByTheNumbers|11|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|11|language=de|year=2013}}
 +
| {{Top_10_2010:ByTheNumbers|11|year=2017}}
 +
|}
 +
 
 +
<onlyinclude>{{#switch: {{{year}}}
 +
    | 2017 =
 +
        {{#switch: {{{1}}}
 +
            | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
 +
            | 2={{Top_10:LanguageFile|text=brokenAuth|language={{{language}}} }}
 +
            | 3={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
 +
            | 4={{Top_10:LanguageFile|text=xxe|language={{{language}}} }}
 +
            | 5={{Top_10:LanguageFile|text=brokenAccessControl|language={{{language}}} }}
 +
            | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
 +
            | 7={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
 +
            | 8={{Top_10:LanguageFile|text=insecureDeserialization|language={{{language}}} }}
 +
            | 9={{#switch: {{{type}}}
 +
                | short  ={{Top_10:LanguageFile|text=vulnComponents|language={{{language}}} }}
 +
                | #default={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
 +
                }}
 +
            | 10={{Top_10:LanguageFile|text=insufficientLoggingMonitoring|language={{{language}}} }}
 +
            | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 +
        }}
 +
    | 2013 =
 +
        {{#switch: {{{1}}}
 +
            | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
 +
            | 2={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }}
 +
            | 3={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
 +
            | 4={{Top_10:LanguageFile|text=insecureDirectObjectReference|language={{{language}}} }}
 +
            | 5={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
 +
            | 6={{Top_10:LanguageFile|text=sensitiveDataExposure|language={{{language}}} }}
 +
            | 7={{Top_10:LanguageFile|text=missingFunctionLevelACL|language={{{language}}} }}
 +
            | 8={{Top_10:LanguageFile|text=csrf|language={{{language}}} }}
 +
            | 9={{Top_10:LanguageFile|text=usingVulnerableComponents|language={{{language}}} }}
 +
            | 10={{Top_10:LanguageFile|text=unvalidatedRedirectsForwards|language={{{language}}} }}
 +
            | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 +
        }}
 +
    | #default =
 +
        {{#switch: {{{1}}}
 +
            | 1={{Top_10:LanguageFile|text=injection|language={{{language}}} }}
 +
            | 2={{Top_10:LanguageFile|text=xss|language={{{language}}} }}
 +
            | 3={{Top_10:LanguageFile|text=brokenAuthSessionMgmt|language={{{language}}} }}
 +
            | 4={{Top_10:LanguageFile|text=insecureDirectObjectReference|language={{{language}}} }}
 +
            | 5={{Top_10:LanguageFile|text=csrf|language={{{language}}} }}
 +
            | 6={{Top_10:LanguageFile|text=securityMisconfig|language={{{language}}} }}
 +
            | 7={{Top_10:LanguageFile|text=insecureCryptographicStorage|language={{{language}}} }}
 +
            | 8={{Top_10:LanguageFile|text=failureRestrictUrlAccess|language={{{language}}} }}
 +
            | 9={{Top_10:LanguageFile|text=insufficientTLProtection|language={{{language}}} }}
 +
            | 10={{Top_10:LanguageFile|text=unvalidatedRedirectsForwards|language={{{language}}} }}
 +
            | 11={{Top_10:LanguageFile|text=inProgress|language={{{language}}} }}
 +
        }}
 +
}}</onlyinclude>

Latest revision as of 14:38, 7 January 2018

Usage:

 {{Top_10_2010:ByTheNumbers|{{{risk}}}|year={{{year}}}|language={{{language}}}|type=<optional type>}}
<!-- the 'type=short' is opional (used for '+RF') --->


Example:

 {{Top_10_2010:ByTheNumbers|1|language=de|year=2013}}
 {{Top_10_2010:ByTheNumbers|2|year=2013}}             <!-- Default-Language = English --->
 {{Top_10_2010:ByTheNumbers|2|language=de}}           <!-- Default-Year = 2010 --->
 {{Top_10_2010:ByTheNumbers|9|year=2017|type=short}}  <!-- Type = short --->


Number English 2010 German 2010 English 2013 German 2013 English 2017
1 Injection Injection Injection Injection Injection
2 Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Broken Authentication
3 Broken Authentication and Session Management Fehler in Authentifizierung und Session-Management Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) Sensitive Data Exposure
4 Insecure Direct Object References Unsichere direkte Objektreferenzen Insecure Direct Object References Unsichere direkte Objektreferenzen XML External Entities (XXE)
5 Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Broken Access Control
6 Security Misconfiguration Sicherheitsrelevante Fehlkonfiguration Sensitive Data Exposure Verlust der Vertraulichkeit sensibler Daten Security Misconfiguration
7 Insecure Cryptographic Storage Kryptografisch unsichere Speicherung Missing Function Level Access Control Fehlerhafte Autorisierung auf Anwendungsebene Cross-Site Scripting (XSS)
8 Failure to Restrict URL Access Mangelhafter URL-Zugriffsschutz Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) Insecure Deserialization
9 Insufficient Transport Layer Protection Unzureichende Absicherung der Transportschicht Using Components with Known Vulnerabilities Nutzung von Komponenten mit bekannten Schwachstellen Using Components with Known Vulnerabilities (short: Vulnerable Components)
10 Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Unvalidated Redirects and Forwards Ungeprüfte Um- und Weiterleitungen Insufficient Logging&Monitoring
11 In Progress In Arbeit In Progress In Arbeit In Progress