History of OWASP Top 10
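This article lists how the OWASP Top 10 security risk rankings changed from 2003 to 2021, covering common web application security issues such as injection, cross-site scripting, authentication failures and misconfiguration. 2024-10-10 00:0:0 Author: www.hahwul.com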

    • A1 Broken Access Control 
    • A2 Cryptographic Failures 
    • A3 Injection
    • A4 Insecure Design
    • A5 Security Misconfiguration
    • A6 Vulnerable and Outdated Components
    • A7 Identification and Authentication Failures
    • A8 Software and Data Integrity Failures
    • A9 Security Logging and Monitoring Failures
    • A10 Server-Side Request Forgery


    • A1 Injection
    • A2 Broken Authentication
    • A3 Sensitive Data Exposure
    • A4 XML External Entities (XXE)
    • A5 Broken Access Control
    • A6 Security Misconfiguration
    • A7 Cross-Site Scripting
    • A8 Insecure Deserialization
    • A9 Using Components with Known Vulnerabilities
    • A10 Insufficient Logging & Monitoring


    • A1 Injection
    • A2 Broken Authentication and Session Management
    • A3 Cross-Site Scripting
    • A4 Insecure Direct Object References
    • A5 Security Misconfiguration
    • A6 Sensitive Data Exposure
    • A7 Missing Function Level Access Control
    • A8 Cross-Site Request Forgery
    • A9 Using Components with Known Vulnerabilities
    • A10 Unvalidated Redirects and Forwards


    • A1 Injection
    • A2 Cross-Site Scripting
    • A3 Broken Authentication and Session Management
    • A4 Insecure Direct Object References
    • A5 Cross-Site Request Forgery
    • A6 Security Misconfiguration
    • A7 Insecure Cryptographic Storage
    • A8 Failure to Restrict URL Access
    • A9 Insufficient Transport Layer Protection
    • A10 Unvalidated Redirects and Forwards


    • A1 Cross Site Scripting (XSS)
    • A2 Injection Flaws
    • A3 Malicious File Execution
    • A4 Insecure Direct Object Reference
    • A5 Cross Site Request Forgery (CSRF)
    • A6 Information Leakage and Improper Error Handling
    • A7 Broken Authentication and Session Management
    • A8 Insecure Cryptographic Storage
    • A9 Insecure Communications
    • A10 Failure to Restrict URL Access


    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management


    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management



Source: https://www.hahwul.com/cullinan/history-of-owasp-top-10/