-
Top 10 Application Security Risks (2010)
-
A1 Injection
- OWASP's ESAPI
- ESAPI Encoder API
- ESAPI Input Validation API
-
A2 Cross-Site Scripting (XSS)
- ESAPI Encoder API
-
A3 Broken Authentication and Session Management
- OWASP's Application Security Verification Standard (ASVS)
- ESAPI Authenticator and User APIs
- ESAPI Authenticator API
- ESAPI User API
-
A4 Insecure Direct Object Reference
- OWASP's ESAPI
- ESAPI Access Reference Map API
- ESAPI Access Control API
-
A5 Cross-Site Request Forgery
- CSRF Tester tool
- CSRF Guard
- ESAPI HTTPUtilities Class with AntiCSRF Tokens
-
A6 Security Misconfiguration
-
A7 Insecure Cryptographic Storage
- ESAPI Encryptor API
-
A8 Failure to Restrict URL Access
- ESAPI Access Control API
- OWASP Development Guide: Chapter on Authorization
- OWASP Testing Guide: Testing for Path Traversal
- OWASP Article on Forced Browsing
-
A9 Insufficient Transport Layer Protection
-
A10 Unvalidated Redirects and Forwards
-
- OWASP Developer's Guide
- OWASP Testing Guide
- OWASP Code Review Guide
- Application Security Verification Standard (ASVS)
- Open Source Assurance Maturity Model (SAMM)
- OWASP Risk Rating Methodology
- OWASP Enterprise Security API
- OWASP Application Security Verification Standard Project