OWASP is an open-source, non-profit global security organization dedicated to application software security research. Our mission is to make application software more secure, so that enterprises and organizations can make clearer decisions about application security risks. OWASP currently has 140 chapters worldwide with nearly 40,000 members, who together drive the development of application security practice: security standards, security testing tools, security guidance manuals and the like.


A1 Injection

A2 Broken Authentication and Session Management (was formerly A3)

A3 Cross-Site Scripting (XSS) (was formerly A2)

A4 Insecure Direct Object References

A5 Security Misconfiguration (was formerly A6)

A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)

A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)

A8 Cross-Site Request Forgery (CSRF) (was formerly A5)

A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)

A10 Unvalidated Redirects and Forwards

Download link: http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf