OWASP TOP 10
March 22, 2011

Issues and suggested remediation:

| Issue | Explanation |
| --- | --- |
| 6.5.1: Cross Site Scripting (XSS) | Testing of parameters before inclusion. |
| 6.5.2: Injection Flaws | Testing of input to verify user data cannot modify the meaning of commands and queries. |
| 6.5.3: Malicious File Execution | Validate input to verify the application does not accept filenames or files from users. |
| 6.5.4: Insecure Direct Object Reference | Do not expose internal object references to users. |
| 6.5.5: Cross Site Request Forgery (CSRF) | Do not rely on authorization credentials and tokens automatically submitted by browsers. |
| 6.5.6: Information Leakage and Improper Error Handling | Do not leak information via error messages or other means. |
| 6.5.7: Broken Authentication and Session Management | Properly authenticate users and protect account credentials and session tokens. |
| 6.5.8: Insecure Cryptographic Storage | Prevent cryptographic flaws. |
| 6.5.9: Insecure Communications | Properly encrypt all authenticated and sensitive communications. |
| 6.5.10: Failure to Restrict URL Access | Consistently enforce access control in the presentation layer and business logic for all URLs. |
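The remediation for 6.5.2 is easiest to see side by side. The following is an added example, not code from the original page: it builds a constructed in-memory SQLite table and contrasts a lookup that splices user input into the SQL text with one that binds the input as a parameter, so that the same input is treated as data rather than as part of the query.

```python
import sqlite3


def _make_db():
    """Constructed sample data (not from the original page): three users and roles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the input is concatenated into the SQL text, so a quote
    character in the input can change the structure of the WHERE clause."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Hardened form: the SQL text is fixed and the value is bound as a
    parameter, so the database engine never interprets it as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups on a benign name and on a constructed input that
    contains a quote, returning the rows each variant produced."""
    conn = _make_db()
    benign = "bob"
    # Constructed test input: with concatenation the quote closes the literal and
    # the remainder widens the condition to match every row; with a bound
    # parameter the whole string is just a (non-matching) name.
    crafted = "x' OR 'a'='a"
    return {
        "concat_benign": lookup_concat(conn, benign),
        "concat_crafted": lookup_concat(conn, crafted),
        "param_benign": lookup_param(conn, benign),
        "param_crafted": lookup_param(conn, crafted),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The check a reviewer applies is whether the number of rows returned can change with the shape of the input rather than only its value; in the bound-parameter version the crafted input returns no rows, which is the behaviour 6.5.2 asks for.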