Comparison of 2003, 2004, 2007, 2010 and 2013 Releases

| OWASP Top Ten Entries (Unordered) | 2003 | 2004 | 2007 | 2010 | 2013 |
|---|---|---|---|---|---|
| Unvalidated Input | A1 | A1[9] | ✘ | ✘ | ✘ |
| Buffer Overflows | A5 | A5 | ✘ | ✘ | ✘ |
| Denial of Service | ✘ | A9[2] | ✘ | ✘ | ✘ |
| Injection | A6 | A6[3] | A2 | A1[10] | A1 |
| Cross Site Scripting (XSS) | A4 | A4 | A1 | A2 | A3 |
| Broken Authentication and Session Management | A3 | A3 | A7 | A3 | A2 |
| Insecure Direct Object Reference | ✘ | A2 | A4[11] | A4 | A4 |
| Cross Site Request Forgery (CSRF) | ✘ | ✘ | A5 | A5 | A8 |
| Security Misconfiguration | A10 | A10[3][5] | ✘ | A6 | A5 |
| Missing Functional Level Access Control | A2 | A2[1] | A10[13] | A8 | A7[16] |
| Unvalidated Redirects and Forwards | ✘ | ✘ | ✘ | A10 | A10 |
| Information Leakage and Improper Error Handling | A7 | [14][4] A7 | A6 | A6[8] | ✘ |
| Malicious File Execution | ✘ | ✘ | A3 | A6[8] | ✘ |
| Sensitive Data Exposure | A8 | A8[6][5] | A8 | A7 | A6[17] |
| Insecure Communications | ✘ | A10 | A9[7] | A9 | ✘ |
| Remote Administration Flaws | A9 | ✘ | ✘ | ✘ | ✘ |
| Using Known Vulnerable Components | ✘ | ✘ | ✘ | ✘ | [18][19] A9 |

[1] Renamed “Broken Access Control” from T10 2003

[2] Split “Broken Access Control” from T10 2003

[3] Renamed “Command Injection Flaws” from T10 2003

[4] Renamed “Error Handling Problems” from T10 2003

[5] Renamed “Insecure Use of Cryptography” from T10 2003

[6] Renamed “Web and Application Server ” from T10 2003

[7] Split “Insecure Configuration Management” from T10 2004

[8] Reconsidered during T10 2010 Release Candidate (RC)

[9] Renamed “Unvalidated Parameters” from T10 2003

[10] Renamed “Injection Flaws” from T10 2007

[11] Split “Broken Access Control” from T10 2004

[12] Renamed “Insecure Configuration Management” from T10 2004

[13] Split “Broken Access Control” from T10 2004

[14] Renamed “Improper Error Handling” from T10 2004

[15] Renamed “Insecure Storage” from T10 2004

[16] Renamed “Failure to Restrict URL Access” from T10 2010

[17] Renamed “Insecure Cryptographic Storage” from T10 2010

[18] Split “Insecure Cryptographic Storage” from T10 2010

[19] Split “Security Misconfiguration” from T10 2010

Prepared by: [email protected]
