Summary
Understand and organize the kinds of security vulnerabilities. Security sometimes slows development down, but it is an essential element because it contributes to the stability and trustworthiness of the product. Below are the OWASP (The Open Web Application Security Project) Top 10 vulnerability categories by year, most recent first; within each year the entries are in rank order (A1 through A10).
2017
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
2013
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
2010
- Injection
- Cross-Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross-Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure to Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwards
2007
- Cross Site Scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
2004
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross Site Scripting
- Buffer Overflow
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Application Denial of Service
- Insecure Configuration Management