The Security Learning

P: Prevalence
W: Weakness Detectability
I: Impact

1 OWASP

A Injection: SQL, OS, LDAP injection. (P: Common, W: Average, I: Severe)

B Cross-Site Scripting (XSS) (P: Very Widespread, W: Easy, I: Moderate): an attacker inserts malicious HTML code into a web page; when a user browses that page, the HTML code embedded in it is executed, achieving the attacker's particular goal.

C Broken Authentication and Session Management. (P: Common, W: Average, I: Severe)

D Insecure Direct Object References. (P: Common, W: Easy, I: Severe)

E Cross-Site Request Forgery (CSRF) (P: Widespread, W: Easy, I: Moderate)

F Security Misconfiguration: (P: Common, W: Easy, I: Moderate)

G Insecure Cryptographic Storage: (P: Uncommon, W: Difficult, I: Severe)

H Failure to Restrict URL Access (P: Uncommon, W: Average, I: Moderate)

I Insufficient Transport Layer Protection (P: Common, W: Easy, I: Moderate)

J Unvalidated Redirects and Forwards (P: Uncommon, W: Easy, I: Moderate)


2 Secure Implementation Principles

SDL: Secure Development Lifecycle

Original article: https://www.cnblogs.com/SoulSpirit/p/3332956.html