Topic: OWASP Top Ten Web Security Vulnerabilities 2017
#KingSkrupellos
Post #1
OWASP Top Ten Web Security Vulnerabilities 2017
17.03.2020 00:42

www.cyberizm.org

Weaknesses in OWASP Top Ten 2017

CWE-1026 - Weaknesses in OWASP Top Ten (2017)
- OWASP Top Ten 2017 Category A1 - Injection (CWE-1027)
- OWASP Top Ten 2017 Category A2 - Broken Authentication (CWE-1028)
- OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure (CWE-1029)
- OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) (CWE-1030)
- OWASP Top Ten 2017 Category A5 - Broken Access Control (CWE-1031)
- OWASP Top Ten 2017 Category A6 - Security Misconfiguration (CWE-1032)
- OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) (CWE-1033)
- OWASP Top Ten 2017 Category A8 - Insecure Deserialization (CWE-1034)
- OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities (CWE-1035)
- OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring (CWE-1036)

CWE-1026 - Weaknesses in OWASP Top Ten (2017), with member weaknesses per category. Labels (Pillar, Class, Composite, Variant, Category) are the CWE abstraction levels shown in the source view; entries without a label are listed as they appear there.

- Category: OWASP Top Ten 2017 Category A1 - Injection (CWE-1027)
  - Class: Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)
  - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)
  - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') (CWE-88)
  - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)
  - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (CWE-90)
  - XML Injection (aka Blind XPath Injection) (CWE-91)
  - Variant: SQL Injection: Hibernate (CWE-564)
  - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') (CWE-917)
  - Class: Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
- Category: OWASP Top Ten 2017 Category A2 - Broken Authentication (CWE-1028)
  - Class: Improper Authentication (CWE-287)
  - Unprotected Storage of Credentials (CWE-256)
  - Use of Single-factor Authentication (CWE-308)
  - Composite: Session Fixation (CWE-384)
  - Class: Insufficiently Protected Credentials (CWE-522)
  - Unprotected Transport of Credentials (CWE-523)
  - Insufficient Session Expiration (CWE-613)
  - Unverified Password Change (CWE-620)
  - Weak Password Recovery Mechanism for Forgotten Password (CWE-640)
- Category: OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure (CWE-1029)
  - Variant: Storage of File With Sensitive Data Under FTP Root (CWE-220)
  - Improper Certificate Validation (CWE-295)
  - Class: Missing Encryption of Sensitive Data (CWE-311)
  - Cleartext Storage of Sensitive Information (CWE-312)
  - Cleartext Transmission of Sensitive Information (CWE-319)
  - Category: Key Management Errors (CWE-320)
  - Missing Required Cryptographic Step (CWE-325)
  - Class: Inadequate Encryption Strength (CWE-326)
  - Class: Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
  - Reversible One-Way Hash (CWE-328)
  - Exposure of Private Personal Information to an Unauthorized Actor (CWE-359)
- Category: OWASP Top Ten 2017 Category A4 - XML External Entities (XXE) (CWE-1030)
  - Improper Restriction of XML External Entity Reference (CWE-611)
  - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') (CWE-776)
- Category: OWASP Top Ten 2017 Category A5 - Broken Access Control (CWE-1031)
  - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
  - Pillar: Improper Access Control (CWE-284)
  - Class: Improper Authorization (CWE-285)
  - Direct Request ('Forced Browsing') (CWE-425)
  - Authorization Bypass Through User-Controlled Key (CWE-639)
- Category: OWASP Top Ten 2017 Category A6 - Security Misconfiguration (CWE-1032)
  - Category: Configuration (CWE-16)
  - Generation of Error Message Containing Sensitive Information (CWE-209)
  - Variant: Exposure of Information Through Directory Listing (CWE-548)
- Category: OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS) (CWE-1033)
  - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
- Category: OWASP Top Ten 2017 Category A8 - Insecure Deserialization (CWE-1034)
  - Deserialization of Untrusted Data (CWE-502)
- Category: OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities (CWE-1035)
  - (no member weaknesses listed in the source view)
- Category: OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring (CWE-1036)
  - Omission of Security-relevant Information (CWE-223)
  - Insufficient Logging (CWE-778)
Source: cwe.mitre.org/data/definitions/1026.html