http://netsecurity.51cto.com/art/201306/398211.htm

2013-06-14 09:41 H3lvin FreebuF.COM

日前，开放Web应用安全项目（OWASP）公布了2013年十大最关键的Web应用安全风险，该列表从2010年开始更新，今年“Broken Authentication and Session Management”排到了第二的位置，同时“Injection”仍然保留在首位。

OWASP TOP 10 2013

1、Injection(1)

2、Broken Authentication and Session Management(3)

3、Cross-Site Scripting(XSS)(2)

4、Insecure Direct Object References(4)

5、Security Misconfiguration(6)

6、Sensitive Data Exposure(7/9)

7、Missing Function Level Access Control(8)

8、Cross-Site Request Forgery(CSRF)(5)

9、Using Known Vulnerable Components(-)

10、Unvalidated Redirects and Forwards(10)

附OWASP TOP 10 2010

Injection

Cross-Site Scripting(XSS)

Broken Authentication and Session Management

Insecure Direct Object References

Cross-Site Request Forgery(CSRF)

Security Misconfiguration

Insecure Cryptographic Storage

Failure to Restrict URL Access

Insufficient Transport Layer Protection

Unvalidated Redirects and Forwards

[招生]科锐逆向工程师培训(2024年11月15日实地，远程教学同时开班, 第51期)