Appendix A: Mapping the 19 Deadly Sins to the OWASP Top Ten

In January 2004, the Open Web Application Security Project (OWASP) released a paper entitled The Ten Most Critical Web Application Security Vulnerabilities (www.owasp.org/documentation/topten.html). This short appendix maps the 19 sins to the ten OWASP categories.

OWASP Top Ten                              | 19 Sins
-------------------------------------------|-------------------------------------------------------------------
A1 Unvalidated Input                       | Sin 4, SQL Injection
                                           | Sin 5, Command Injection
                                           | Sin 7, Cross-Site Scripting
A2 Broken Access Control                   | Sin 14, Improper File Access
A3 Broken Authentication and               | Sin 9, Use of Magic URLs and Hidden Form Fields
   Session Management                      |
A4 Cross Site Scripting (XSS) Flaws        | Sin 7, Cross-Site Scripting
A5 Buffer Overflows                        | Sin 1, Buffer Overruns
                                           | Sin 2, Format String Problems
                                           | Sin 3, Integer Overflows
A6 Injection Flaws                         | Sin 4, SQL Injection
                                           | Sin 5, Command Injection
A7 Improper Error Handling                 | Sin 6, Failing to Handle Errors
A8 Insecure Storage                        | Sin 12, Failing to Store and Protect Data Securely
A9 Denial of Service                       | This is the outcome of an attack, not a coding defect. Many DoS
                                           | attacks are mitigated through infrastructure, such as firewalls
                                           | and the use of quotas.
A10 Insecure Configuration Management      | This is an infrastructure issue that is beyond the scope of
                                           | this book.

19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
ISBN: 71626751
Year: 2003
Pages: 239