(UPDATED: )

ENGLISH

한국어

OWASP Top 10

OWASP Top 10은 웹 애플리케이션에 대한 가장 중요한 보안 위험을 나타내는 표준 인식 문서입니다. 개방형 웹 애플리케이션 보안 프로젝트(OWASP)에서 발행하는 이 목록은 웹 보안 위협의 변화하는 환경을 반영하기 위해 정기적으로 업데이트됩니다.

History

    • A1 Broken Access Control 
    • A2 Cryptographic Failures 
    • A3 Injection
    • A4 Insecure Design
    • A5 Security Misconfiguration
    • A6 Vulnerable and Outdated Components
    • A7 Identification and Authentication Failures
    • A8 Software and Data Integrity Failures
    • A9 Security Logging and Monitoring Failures
    • A10 Server-Side Request Forgery
    • A1 Injection
    • A2 Broken Authentication
    • A3 Sensitive Data Exposure
    • A4 XML External Entities (XXE)
    • A5 Broken Access Control
    • A6 Security Misconfiguration
    • A7 Cross-Site Scripting
    • A8 Insecure Deserialization
    • A9 Using Components with Known Vulnerabilities
    • A10 Insufficient Logging & Monitoring
    • A1 Injection
    • A2 Broken Authentication and Session Management
    • A3 Cross-Site Scripting
    • A4 Insecure Direct Object References
    • A5 Security Misconfiguration
    • A6 Sensitive Data Exposure
    • A7 Missing Function Level Access Control
    • A8 Cross-Site Request Forgery
    • A9 Using Components with Known Vulnerabilities
    • A10 Unvalidated Redirects and Forwards
    • A1 Injection
    • A2 Cross-Site Scripting
    • A3 Broken Authentication and Session Management
    • A4 Insecure Direct Object References
    • A5 Cross-Site Request Forgery
    • A6 Security Misconfiguration
    • A7 Insecure Cryptographic Storage
    • A8 Failure to Restrict URL Access
    • A9 Insufficient Transport Layer Protection
    • A10 Unvalidated Redirects and Forwards
    • A1 Cross Site Scripting (XSS)
    • A2 Injection Flaws
    • A3 Malicious File Execution
    • A4 Insecure Direct Object Reference
    • A5 Cross Site Request Forgery (CSRF)
    • A6 Information Leakage and Improper Error Handling
    • A7 Broken Authentication and Session Management
    • A8 Insecure Cryptographic Storage
    • A9 Insecure Communications
    • A10 Failure to Restrict URL Access
    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management
    • A1 Unvalidated Input
    • A2 Broken Access Control
    • A3 Broken Authentication and Session Management
    • A4 Cross Site Scripting
    • A5 Buffer Overflow
    • A6 Injection Flaws
    • A7 Improper Error Handling
    • A8 Insecure Storage
    • A9 Application Denial of Service
    • A10 Insecure Configuration Management

References