Summary


Understand and organize the kinds of security vulnerabilities. Security sometimes slows development down, but it is an essential element because it contributes to a product's stability and reliability. The following are the OWASP (Open Web Application Security Project) Top 10 vulnerability categories by year.

2017


  1. Injection

  2. Broken Authentication

  3. Sensitive Data Exposure

  4. XML External Entities(XXE)

  5. Broken Access Control

  6. Security Misconfiguration

  7. Cross-Site Scripting (XSS)

  8. Insecure Deserialization

  9. Using Components with Known Vulnerabilities

  10. Insufficient Logging & Monitoring

2013


  1. Injection

  2. Broken Authentication and Session Management

  3. Cross-Site Scripting

  4. Insecure Direct Object References

  5. Security Misconfiguration

  6. Sensitive Data Exposure

  7. Missing Function Level Access Control

  8. Cross-Site Request Forgery(CSRF)

  9. Using Components with Known Vulnerabilities

  10. Unvalidated Redirects and Forwards

2010


  1. Injection

  2. Cross-Site Scripting

  3. Broken Authentication and Session Management

  4. Insecure Direct Object References

  5. Cross-Site Request Forgery(CSRF)

  6. Security Misconfiguration

  7. Insecure Cryptographic Storage

  8. Failure to Restrict URL Access

  9. Insufficient Transport Layer Protection

  10. Unvalidated Redirects and Forwards

2007


  1. Cross Site Scripting (XSS)

  2. Injection Flaws

  3. Malicious File Execution

  4. Insecure Direct Object Reference

  5. Cross Site Request Forgery (CSRF)

  6. Information Leakage and Improper Error Handling

  7. Broken Authentication and Session Management

  8. Insecure Cryptographic Storage

  9. Insecure Communications

  10. Failure to Restrict URL Access

2004


  1. Unvalidated Input
  2. Broken Access Control
  3. Broken Authentication and Session Management
  4. Cross Site Scripting
  5. Buffer Overflow
  6. Injection Flaws
  7. Improper Error Handling
  8. Insecure Storage
  9. Application Denial of Service
  10. Insecure Configuration Management

References