OWASP Top 10
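The OWASP Top 10 is a standard document published by the Open Web Application Security Project that lists the most critical security risks facing web applications; it is updated regularly to reflect changes in web security threats. 2024-10-10 00:0:0 Author: www.hahwul.com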

The OWASP Top 10 is a standard awareness document representing the most critical security risks to web applications. Published by the Open Web Application Security Project (OWASP), this list is regularly updated to reflect the evolving landscape of web security threats.

History

    • A1 Broken Access Control 
    • A2 Cryptographic Failures 
    • A3 Injection
    • A4 Insecure Design
    • A5 Security Misconfiguration
    • A6 Vulnerable and Outdated Components
    • A7 Identification and Authentication Failures
    • A8 Software and Data Integrity Failures
    • A9 Security Logging and Monitoring Failures
    • A10 Server-Side Request Forgery


    • A1 Injection
    • A2 Broken Authentication
    • A3 Sensitive Data Exposure
    • A4 XML External Entities (XXE)
    • A5 Broken Access Control
    • A6 Security Misconfiguration
    • A7 Cross-Site Scripting
    • A8 Insecure Deserialization
    • A9 Using Components with Known Vulnerabilities
    • A10 Insufficient Logging & Monitoring


    • A1 Injection
    • A2 Broken Authentication and Session Management
    • A3 Cross-Site Scripting
    • A4 Insecure Direct Object References
    • A5 Security Misconfiguration
    • A6 Sensitive Data Exposure
    • A7 Missing Function Level Access Control
    • A8 Cross-Site Request Forgery
    • A9 Using Components with Known Vulnerabilities
    • A10 Unvalidated Redirects and Forwards


    • A1 Injection
    • A2 Cross-Site Scripting
    • A3 Broken Authentication and Session Management
    • A4 Insecure Direct Object References
    • A5 Cross-Site Request Forgery
    • A6 Security Misconfiguration
    • A7 Insecure Cryptographic Storage
    • A8 Failure to Restrict URL Access
    • A9 Insufficient Transport Layer Protection
    • A10 Unvalidated Redirects and Forwards


    • A1 Cross Site Scripting (XSS)
    • A2 Injection Flaws
    • A3 Malicious File Execution
    • A4 Insecure Direct Object Reference
    • A5 Cross Site Request Forgery (CSRF)
    • A6 Information Leakage and Improper Error Handling
    • A7 Broken Authentication and Session Management
    • A8 Insecure Cryptographic Storage
    • A9 Insecure Communications
    • A10 Failure to Restrict URL Access


    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management


    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management

Source: https://www.hahwul.com/sec/web-security/owasp-top-10/