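After the final version of the OWASP Top 10 2013 is released, OWASP will continue to update the supporting documents accordingly, including the OWASP wiki, OWASP Developer's Guide, OWASP Testing Guide, OWASP Code Review Guide, and the OWASP Prevention Cheat Sheet series. Constructive comments on the OWASP Top 10 2013 release candidate should be sent to the OWOWASP-TopTen@lists.owasp.org mailbox...
OWASP Top 10 2013, Chinese edition
We hope the OWASP Top 10 helps with your application security. If you have any questions, comments, or ideas, please do not hesitate to contact us via the public owasp-topten@lists.owasp or the private dave.wichers@owasp. About OWASP: The Open Web Application Security Project (OWASP) is an open community dedicated to helping organizations develop, purchase, and maintain applications that can be trusted. At OWASP, you can...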
Addressing these ten security vulnerabilities doesn't provide total security, but is a good start in raising awareness about the current major security threats. This document explains how the API and API developers should address security vulnerabilities and risks documented by OWASP for 2013. OWASP ...
This topic provides links to the Open Web Application Security Project (OWASP) web site and its guidance documents. To learn about OWASP, see https://www.owasp.org/index.php/Main_Page. Links to the various OWASP documents and security risks are available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project.
5-Tony-OWASP TOP 10 (2013) Java secure development practices (adjusted template)
D. Wichers, "The 2013 OWASP Top 10," in AppSec USA 2013, 2013. The OWASP Top 10 2013. Project Home Page. 2016. URL: https://www.owasp.org/index.php/Category:OWASP Top Ten Project. OWASP, "OWASP Top 10-2013," The OWASP Foundation, 2013....
Unvalidated redirects and forwards were ranked as uncommon both in 2010 and 2013 when OWASP graded vulnerabilities in their top ten list. However, even if the prevalence of this vulnerability is considered low in general over the internet, one could not look at the resources or popularity a site...
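one nice aspect of OWASP risks is how some areas of individual risks can actually overlap other identified risks. While the mechanism of how we handle password storage in our system relates to broken authentication, it has also been identified as one of the top ten OWASP risks at #6: Sensitive...
About the OWASP Top 10: The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications. A01 Broken Access Control (unauthorized access): can lead to unauthorized disclosure, modification, or destruction of all data, or to performing business functions outside the user's privileges. Common access control vulnerabilities include:...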