Top 10 2010-Details About Risk Factors
Revision as of 15:26, 20 April 2010 by Neil Smithline
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
| RISK | Threat Agents | Attack Vectors: Exploitability | Security Weakness: Prevalence | Security Weakness: Detectability | Technical Impact | Business Impacts |
|---|---|---|---|---|---|---|
| A1-Injection | | EASY | COMMON | AVERAGE | SEVERE | |
| A2-XSS | | AVERAGE | VERY WIDESPREAD | EASY | MODERATE | |
| A3-Authentication | | AVERAGE | COMMON | AVERAGE | SEVERE | |
| A4-DOR | | EASY | COMMON | EASY | MODERATE | |
| A5-CSRF | | AVERAGE | WIDESPREAD | EASY | MODERATE | |
| A6-Config | | EASY | COMMON | EASY | MODERATE | |
| A7-Crypto | | DIFFICULT | UNCOMMON | DIFFICULT | SEVERE | |
| A8-URL Access | | EASY | UNCOMMON | AVERAGE | MODERATE | |
| A9-Transport | | DIFFICULT | COMMON | EASY | MODERATE | |
| A10-Redirects | | AVERAGE | UNCOMMON | EASY | MODERATE | |