OWASP top 10
Webb helt enkelt #3, 2013-05-07
Rickard Andersson
Montania System AB
Web development, Operations, IT security, Linux
PHP, JS, CSS/SCSS.
Symfony, Ember JS
OWASP
Open Web Application Security Project
OWASP GBG
- 2013-05-16: Mario Heiderich - XSS
- 2013-02-28: Forensics
OWASP top 10 2010
Top 10 Most Critical Web Application Security Risks
A1-Injection
A2-Cross Site Scripting (XSS)
A3-Broken Authentication and Session Management
A4-Insecure Direct Object References
A5-Cross Site Request Forgery (CSRF)
A6-Security Misconfiguration
A7-Insecure Cryptographic Storage
A8-Failure to Restrict URL Access
A9-Insufficient Transport Layer Protection
A10-Unvalidated Redirects and Forwards
OWASP top 10 2013 RC
- A1 Injection
- A2 Broken Authentication and Session Management (was A3)
- A3 Cross-Site Scripting (XSS) (was A2)
- A4 Insecure Direct Object References
- A5 Security Misconfiguration (was A6)
- A6 Sensitive Data Exposure (merged from A7 and A9)
- A7 Missing Function Level Access Control (renamed from A8)
- A8 Cross-Site Request Forgery (CSRF) (was A5)
- A9 Using Known Vulnerable Components (new)
- A10 Unvalidated Redirects and Forwards