This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Top 10 2010-Main"
From OWASP
(Created page with '{{Top_10_2010:TopTemplate|usenext=NextLink|next=-Broken Authentication and Session Management|useprev=PrevLink|prev=-Cross Site Request Forgery|usemain=MainLink|main=}} == OWAS…') |
|||
| Line 5: | Line 5: | ||
{| cellspacing="1" cellpadding="1" border="1" width="95%" | {| cellspacing="1" cellpadding="1" border="1" width="95%" | ||
|- | |- | ||
| − | | A1-Injection | + | | [[Top_10_2007-A1|A1-Injection] |
| − | | | + | |Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. |
|- | |- | ||
| A2-Cross Site Scripting (XSS)<br> | | A2-Cross Site Scripting (XSS)<br> | ||
Revision as of 22:08, 15 April 2010
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
| «««« | Top 10 Risks |
»»»» |
OWASP Top 10 Application Security Risks 2010
| [[Top_10_2007-A1|A1-Injection] | Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. |
| A2-Cross Site Scripting (XSS) |
|
| A3- Broken Authentication and Session Management |
|
| A4-Insecure Direct Object References |
|
| A5-Cross Site Request Forgery (CSRF) |
|
| A6-Security Misconfiguration |
|
| A7-Failure to Restrict URL Access |
|
| A8-Unvalidated Redirects and Forwards |
|
| A9-Insecure Cryptographic Storage |
|
| A10-Insufficient Transport Layer Protection |
|
| «««« | Top 10 Risks |
»»»» |
