473K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3&6W2N6s2y4W2j5%4g2J5K9i4c8&6i4K6u0W2y4e0q4U0N6r3!0Q4x3X3g2U0L8$3#2Q4x3V1k6S2M7Y4c8Q4x3V1j5J5x3o6p5K6x3o6k6Q4x3V1j5K6z5e0R3J5x3e0q4Q4x3X3g2Z5N6r3@1`.

2013-06-14 09:41 H3lvin FreebuF.COM

日前，开放Web应用安全项目（OWASP）公布了2013年十大最关键的Web应用安全风险，该列表从2010年开始更新，今年“Broken Authentication and Session Management”排到了第二的位置，同时“Injection”仍然保留在首位。

OWASP TOP 10 2013

1、Injection(1)

2、Broken Authentication and Session Management(3)

3、Cross-Site Scripting(XSS)(2)

4、Insecure Direct Object References(4)

5、Security Misconfiguration(6)

6、Sensitive Data Exposure(7/9)

7、Missing Function Level Access Control(8)

8、Cross-Site Request Forgery(CSRF)(5)

9、Using Known Vulnerable Components(-)

10、Unvalidated Redirects and Forwards(10)

附OWASP TOP 10 2010

Injection

Cross-Site Scripting(XSS)

Broken Authentication and Session Management

Insecure Direct Object References

Cross-Site Request Forgery(CSRF)

Security Misconfiguration

Insecure Cryptographic Storage

Failure to Restrict URL Access

Insufficient Transport Layer Protection

Unvalidated Redirects and Forwards

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课