Discover OWASP Top 10 application security risks: articles, news, trends, analysis and practical advice about the OWASP Top 10 application security risks on alibabacloud.com
The authoritative security organization OWASP has just updated its Top 10: https://www.owasp.org/index.php/top_10_2013-top_10. The ten security vulnerabilities are: 1. Injection, including SQL, operating system, and LDAP injection. 2. Broken authentication and session management. 3. Cross-site scripting (XSS). 4. Unsafe
exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
Cross-Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerab
OWASP Top 10, threat number 3: "broken authentication and session management". In short, attackers can obtain the session ID by eavesdropping on the user name and password when they are sent over HTTP, or by capturing the session, and then impersonate the user in subsequent HTTP requests. Because HTTP itself is stateless, each HTTP request carries a personal credential, and the session ID is used to track state; session
2005.3.22, Ou Yanliang
Course Introduction
How to apply the features of the .NET Framework to protect code security
Basic Content
Familiarity with .NET development
Course Arrangement
Authentication
Authorization
Encryption
Strongly-named assembly
Code access security
Middle Layer Security
How to Avoid SQL Injection
Authentication
Use Credential to uniquely identify a
Today, with the rapid evolution of Web technology and the vigorous development of e-commerce, many new applications developed by enterprises are Web applications; in addition, Web services are increasingly used to integrate or interact with Web applications. These trends bring about the following problem: the growth of Web applications and services has outpaced security training and security awareness
sites still store user passwords in plain text or use an outdated hash algorithm, so attackers can easily obtain user-related information. Many functions of some sites depend on the existing database design and related structured data, which makes it very difficult to change the users' hash algorithm in the future. 8: SSL, cookie HttpOnly and STS. Any website that does not support SSL-encrypted transmission is vulnerable to man-in-the-middle attacks. HttpOnly and STS are not set for cookies, and they a
application. It is based on new technology and can use existing code to provide protection.
Binarysec: Binarysec is a web application firewall; it protects applications against illegitimate HTTP traffic and blocks suspicious requests. It provides protection against cross-site scripting, command injection, parameter tampering, buffer overflow, directory traversal, SQL injection and attack obstruc