OWASP Top 10 Web Threats
Since 2010, OWASP (Open Web Application Security Project) has collected web application risks from the internet and many organizations, and produced the Top 10 web threats.
The following top 10 threats were published in 2013 by OWASP and are listed here for reference only; if anything is unclear, please go to the original website for more information.
No 1: Injection
No 2: Broken Authentication and Session Management
No 3: Cross-Site Scripting
No 4: Insecure Direct Object References
No 5: Security Misconfiguration
No 6: Sensitive Data Exposure
No 7: Missing Function Level Access Control
No 8: Cross-Site Request Forgery (CSRF)
No 9: Using Components with Known Vulnerabilities
No 10: Unvalidated Redirects and Forwards
How to contact me
- email: [email protected]
- blog: liuliqiang.info
- Report From: OWASP Top Ten Project