In January 2004, the Open Web Application Security Project (OWASP) released a paper entitled The Ten Most Critical Web Application Security Vulnerabilities (www.owasp.org/documentation/topten.html). This short appendix maps the 19 sins to the OWASP Top Ten.
| OWASP Top Ten | 19 Sins |
|---|---|
| A1 Unvalidated Input | Sin 4, SQL Injection |
| A2 Broken Access Control | Sin 14, Improper File Access |
| A3 Broken Authentication and Session Management | Sin 9, Use of Magic URLs and Hidden Form Fields |
| A4 Cross Site Scripting (XSS) Flaws | Sin 7, Cross-Site Scripting |
| A5 Buffer Overflows | Sin 1, Buffer Overruns |
| A6 Injection Flaws | Sin 4, SQL Injection |
| A7 Improper Error Handling | Sin 6, Failing to Handle Errors |
| A8 Insecure Storage | Sin 12, Failing to Store and Protect |
| A9 Denial of Service | This is the outcome of an attack, not a coding defect. Many DoS attacks are mitigated through infrastructure, such as firewalls and use of quotas. |
| A10 Insecure Configuration Management | This is an infrastructure issue that is beyond the scope of this book. |