Difference between revisions of "User talk:T.Gigler"
m (Changed background color to #6261e1) |
(first DRAFT for Top10: top table test) |
Line 101: | Line 101: | ||
}}{{Cheatsheet_Navigation_Body}} | }}{{Cheatsheet_Navigation_Body}} | ||
{{Top_10:SubsectionTableEndTemplate}} | {{Top_10:SubsectionTableEndTemplate}} | ||
+ | |||
+ | ---- | ||
+ | ---- | ||
+ | <span id="top10_top_table_test"></span> <!-- anchor for cheat sheets: -> https://www.owasp.org/index.php/User_talk:T.Gigler#top10_top_table_test --> | ||
+ | == Top 10: Top Table Test == | ||
+ | {{Top_10_2010:SummaryTableHeaderBeginTemplate|year=2017|language=en}} | ||
+ | {{Top_10:SummaryTableTemplate|exploitability=3|prevalence=3|detectability=2|impact=1|year=2017|language=en}} | ||
+ | {{Top_10_2010:SummaryTableHeaderEndTemplate|year=2017}} | ||
+ | <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
+ | <!--- Threat Agents: --->Even anonymous attackers typically don’t break crypto directly. They break something else, such as steal keys, do man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. | ||
+ | </td> | ||
+ | <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
+ | <!--- Security Weakness --->The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management, and weak algorithm usage is common, particularly weak password hashing techniques. For data in transit server side weaknesses are mainly easy to detect, but hard for data in rest. Both with very varying exploitability. | ||
+ | </td> | ||
+ | <td colspan=2 {{Template:Top 10 2010:SummaryTableRowStyleTemplate|year=2017}}> | ||
+ | <!--- Technical and Business Impacts --->Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc.<br> The business impact depends on the protection needs of your application and data. | ||
+ | </td> | ||
+ | {{Top_10_2010:SummaryTableEndTemplate|year=2017}} |
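Review bot: In the Security Weakness cell, "hard for data in rest" should read "data at rest", and the closing fragment "Both with very varying exploitability." has no verb, so it is unclear what "both" covers; something like "Exploitability varies widely in both cases." would read better. In the same cell, "weak key generation and management, and weak algorithm usage is common" needs "are common". That cell also describes these weaknesses as common while the template call passes prevalence=3, which this page renders as UNCOMMON; check that the rating and the text agree before this goes beyond a draft.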
Latest revision as of 20:18, 30 September 2017
Welcome to OWASP! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! KateHartmann 21:42, 30 January 2013 (UTC)
{{LinkBar |useprev=2013PrevHeaderTabDeveloperEdition |prev=A6-Verlust der Vertraulichkeit sensibler Daten |lblprev=JAVA2 |usenext=2013NextHeaderTabDeveloperEdition |next=A7-Fehlerhafte Autorisierung auf Anwendungsebene |lblnext=JAVA2 |usemain=Nothing |year=2013 |language=de }}
Tests with the 'Time' function:
27.08.2014: Year = 2014
2014-08-28: 2014-Aug-28
Last revision (mm/dd/yy): 09/30/2017
Top 10: Top Table Test
| Threat Agents / Attack Vectors | Security Weakness | Impacts |
|---|---|---|
| App Specific, Exploitability DIFFICULT | Prevalence UNCOMMON, Detectability AVERAGE | Impact SEVERE, Business ? |
| Even anonymous attackers typically don’t break crypto directly. They break something else: they steal keys, mount man-in-the-middle attacks, or steal clear text data off the server, while in transit, or from the user’s browser. | The most common flaw is simply not encrypting sensitive data. When crypto is employed, weak key generation and management and weak algorithm usage are common, particularly weak password hashing techniques. For data in transit, server-side weaknesses are mainly easy to detect, but they are hard to detect for data at rest. Exploitability varies widely in both cases. | Failure frequently compromises all data that should have been protected. Typically, this information includes sensitive data such as health records, credentials, personal data, credit cards, etc. |