OWASP TOP 10
| Version | 2013 | 2017 | 2021 |
| --- | --- | --- | --- |
| A1 | Injection | Injection | Broken Access Control |
| A2 | Broken Authentication and Session Management | Broken Authentication | Cryptographic Failures |
| A3 | Cross-Site Scripting (XSS) | Sensitive Data Exposure | Injection |
| A4 | Insecure Direct Object References | XML External Entities (XXE) | Insecure Design |
| A5 | Security Misconfiguration | Broken Access Control | Security Misconfiguration |
| A6 | Sensitive Data Exposure | Security Misconfiguration | Vulnerable and Outdated Components |
| A7 | Missing Function Level Access Control | Cross-Site Scripting (XSS) | Identification and Authentication Failures |
| A8 | Cross-Site Request Forgery (CSRF) | Insecure Deserialization | Software and Data Integrity Failures |
| A9 | Using Components with Known Vulnerabilities | Using Components with Known Vulnerabilities | Security Logging and Monitoring Failures* |
| A10 | Unvalidated Redirects and Forwards | Insufficient Logging & Monitoring | Server-Side Request Forgery (SSRF) |