Difference between revisions of "Top 10 2010-Main"
(Created page with '{{Top_10_2010:TopTemplate|usenext=NextLink|next=-Broken Authentication and Session Management|useprev=PrevLink|prev=-Cross Site Request Forgery|usemain=MainLink|main=}} == OWAS…') |
Line 5: | Line 5: | ||
{| cellspacing="1" cellpadding="1" border="1" width="95%" | {| cellspacing="1" cellpadding="1" border="1" width="95%" | ||
|- | |- | ||
− | | A1-Injection | + | | [[Top_10_2007-A1|A1-Injection] |
− | | | + | |Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data. |
|- | |- | ||
| A2-Cross Site Scripting (XSS)<br> | | A2-Cross Site Scripting (XSS)<br> |
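Review bot: on the added A1 row, the wikilink `[[Top_10_2007-A1|A1-Injection]` is closed with a single `]`, so it will not be parsed as a link and the raw markup will show in the table cell; close it with `]]`. The link target is also the 2007 page (Top_10_2007-A1) although this table is the 2010 list, so confirm that is the intended destination. The A2 context row is still plain text with no link, so the rows will be inconsistent until the rest are given the same treatment.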
Revision as of 22:08, 15 April 2010
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
OWASP Top 10 Application Security Risks 2010
A1-Injection | Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
A2-Cross Site Scripting (XSS) |
A3-Broken Authentication and Session Management |
A4-Insecure Direct Object References |
A5-Cross Site Request Forgery (CSRF) |
A6-Security Misconfiguration |
A7-Failure to Restrict URL Access |
A8-Unvalidated Redirects and Forwards |
A9-Insecure Cryptographic Storage |
A10-Insufficient Transport Layer Protection |