This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Top 10 2013-A8-Cross-Site Request Forgery (CSRF)
From OWASP
Revision as of 20:27, 10 February 2013 by Neil Smithline (talk | contribs) (Created page with "= TEMPORARY PLACEHOLDER for 2013 T10 = {{Top_10_2013:TopTemplate |usenext=2013NextLink |next={{Top_10_2010:ByTheNumbers |9 |year=2013}} ...")
TEMPORARY PLACEHOLDER for 2013 T10
NOTE: THIS IS NOT THE LATEST VERSION. Please visit the OWASP Top 10 project page to find the latest edition.
| [[Top 10 {{{year}}}-Missing Function Level Access Control|← Missing Function Level Access Control]] | [[Top_10_{{{year}}}-Top 10|{{{year}}} Top 10 List]] |
[[Top 10 {{{year}}}-Using Components with Known Vulnerabilities|Using Components with Known Vulnerabilities →]] |
| Threat Agents | Attack Vectors | Security Weakness | Technical Impacts | Business Impacts | |
|---|---|---|---|---|---|
| Application Specific | Exploitability EASY |
Prevalence COMMON |
Detectability AVERAGE |
Impact SEVERE |
Application / Business Specific |
| blank. | blank | blank | blank | blank | |
|
Am I Vulnerable To 'Cross-Site Request Forgery (CSRF)'?
blank |
How Do I Prevent 'Cross-Site Request Forgery (CSRF)'?
blank
|
|
Example Attack Scenarios
blank blank code
blank http://example.com/app/accountView?id=' or '1'='1
blank |
References
OWASP External |
| [[Top 10 {{{year}}}-Missing Function Level Access Control|← Missing Function Level Access Control]] | [[Top_10_{{{year}}}-Top 10|{{{year}}} Top 10 List]] |
[[Top 10 {{{year}}}-Using Components with Known Vulnerabilities|Using Components with Known Vulnerabilities →]] |
