[資安] 2010 年 TOP 10 攻擊方式

The OWASP Top 10 Web Application Security Risks for 2010
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

網頁裡面的 PDF 檔有針對每種攻擊方式詳細的解說

* A1: Injection
* A2: Cross-Site Scripting (XSS)
* A3: Broken Authentication and Session Management
* A4: Insecure Direct Object References
* A5: Cross-Site Request Forgery (CSRF)
* A6: Security Misconfiguration
* A7: Insecure Cryptographic Storage
* A8: Failure to Restrict URL Access
* A9: Insufficient Transport Layer Protection
* A10: Unvalidated Redirects and Forwards