TOP 10 网站安全弱点

OWASP Top 10 网站安全弱点

A1 – 注入 (Injection)
A2 – 跨站脚本 (Cross Site Scripting (XSS))
A3 – 无效的验证和会话管理 (Broken Authentication and Session Management)
A4 – 对资源不安全的直接引用 (Insecure Direct Object References)
A5 – 跨站伪造请求 (Cross Site Request Forgery (CSRF))
A6 – 错误的安全配置 (Security Misconfiguration)
A7 – 失败的网址访问权限限制 (Failure to Restrict URL Access)
A8 – 未经验证的网址重定向 (Unvalidated Redirects and Forwards)
A9 – 不安全的密码存储 (Insecure Cryptographic Storage)
A10 – 薄弱的传输层保护 (Insufficient Transport Layer Protection)