
The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security.
The OWASP Top 10 Web Application Security Risks is a periodically updated awareness document; the 2010, 2013 and 2017 editions listed below give developers and security professionals guidance on the most critical risk categories found in web applications, ranked by how prevalent, exploitable, detectable and damaging they are. These risks matter because a single instance may let an attacker plant malware, steal data, or completely take over the affected hosts or web servers.
Checking code against the OWASP Top 10 is usually a first step toward secure code; it is an awareness document rather than a complete security standard, so passing it does not by itself make an application secure.
OWASP Top 10 Application Security Risks – 2017
- A1. Injection
- A2. Broken Authentication
- A3. Sensitive Data Exposure
- A4. XML External Entities (XXE) (NEW)
- A5. Broken Access Control (MERGED)
- A6. Security Misconfiguration
- A7. Cross-Site Scripting (XSS)
- A8. Insecure Deserialization (NEW)
- A9. Using Components With Known Vulnerabilities
- A10. Insufficient Logging and Monitoring (NEW)
OWASP Top 10 Application Security Risks – 2013
- A1-Injection
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards
For 2010, the OWASP Top 10 Most Critical Web Application Security Risks are:
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards
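Injection holds the A1 slot in all three editions above. The following is an added example, not code from the original page or from OWASP, showing the defect and its fix side by side: a deliberately vulnerable lookup that splices user input into the SQL text, and a hardened lookup that binds the same input as a parameter. The users table, its rows and the `PAYLOAD` value are constructed for the demo; the target is an in-memory SQLite database so the script runs offline.

```python
"""Added example: OWASP A1 Injection, vulnerable query beside its hardened form.

Constructed demo (not from the original page): an in-memory SQLite table of
users stands in for an application database. The same attacker-supplied
username is run through a string-formatted query and through a
parameterised one so the difference in behaviour can be observed directly.
"""
import sqlite3

# Constructed sample data; names and addresses are made up for the demo.
USERS = [
    ("alice", "alice@example.com", "user"),
    ("bob", "bob@example.com", "user"),
    ("carol", "carol@example.com", "admin"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable: the input is formatted into the SQL text.

    A single quote in the input closes the string literal, and everything
    after it is parsed by the database as part of the query.
    """
    query = f"SELECT name, email, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the input travels as a bound parameter, never as SQL text.

    The database compares the whole string against the name column; no
    character in it can change the structure of the statement.
    """
    query = "SELECT name, email, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Classic tautology payload (constructed): the leading quote closes the
# literal, OR adds an always-true condition, and the query's own trailing
# quote closes the payload's final '1' literal, giving valid SQL.
PAYLOAD = "x' OR '1'='1"


def demo() -> dict:
    """Run both lookups with a legitimate name and with the payload.

    Returns the four result sets so the behaviour can be inspected or
    asserted on: the vulnerable lookup leaks every row for the payload,
    the parameterised one matches no row because no user is literally
    named "x' OR '1'='1".
    """
    conn = build_db()
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "alice"),
        "legit_safe": lookup_parameterised(conn, "alice"),
        "attack_vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "attack_safe": lookup_parameterised(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

Both lookups behave identically for a well-formed name, which is why this class of bug survives functional testing; only the hostile input separates them. The fix is structural (parameter binding) rather than input filtering, and the same principle applies to the other injection targets the category covers, such as LDAP, OS command and NoSQL interpreters.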
OWASP updates its Top 10 Web Application Security Risks list every few years to give developers guidance on critical vulnerabilities. The 2010, 2013 and 2017 lists each highlighted common and easily exploited issues such as injection and authentication flaws.






