Security Learning Notes
Each item below carries the three ratings from the OWASP Top 10 risk table:
P: Prevalence (how common the weakness is in applications)
W: Weakness Detectability (how easy the weakness is to find)
I: Technical Impact (how severe a successful attack is)
1 OWASP Top 10 (2010 edition)
A Injection: SQL, OS command, and LDAP injection. (P: Common, W: Average, I: Severe). Untrusted data is sent to an interpreter as part of a command or query and changes the meaning of that command; the defence is to keep data separate from code (parameterised queries, safe APIs) rather than to filter dangerous characters.
B Cross-Site Scripting (XSS) (P: Very Widespread, W: Easy, I: Moderate): an attacker gets malicious HTML or JavaScript into a web page; when a victim views that page, the injected code is executed in the victim's browser, in the origin of the vulnerable site, which lets the attacker hijack the session, deface the page or redirect the user. The fix is context-appropriate output encoding of all untrusted data.
C Broken Authentication and Session Management (P: Common, W: Average, I: Severe)
D Insecure Direct Object References (P: Common, W: Easy, I: Moderate): an internal object key (file name, database record ID) is exposed in the request and used without checking that the requesting user is authorised for that object.
E Cross-Site Request Forgery (CSRF) (P: Widespread, W: Easy, I: Moderate): the victim's browser is made to send a forged request, carrying the victim's session cookie, to a site where the victim is authenticated.
F Security Misconfiguration (P: Common, W: Easy, I: Moderate)
G Insecure Cryptographic Storage (P: Uncommon, W: Difficult, I: Severe)
H Failure to Restrict URL Access (P: Uncommon, W: Average, I: Moderate)
I Insufficient Transport Layer Protection (P: Common, W: Easy, I: Moderate)
J Unvalidated Redirects and Forwards (P: Uncommon, W: Easy, I: Moderate)
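As an added example for item A (not code from the original notes), the following Python script shows a SQL-injectable login query next to its parameterised replacement, run against a constructed in-memory SQLite table. The table, the two accounts and the payloads are all constructed for the demonstration; the plaintext password column is only there to keep the example short and is itself the kind of weakness item G describes.

```python
import sqlite3


def make_db():
    # Constructed sample data: a users table with two accounts.
    # Passwords are stored in plaintext here purely to keep the example short.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # VULNERABLE: user-controlled strings are concatenated into the SQL text,
    # so quote characters in the input change the structure of the query.
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password):
    # SAFE: a parameterised query. The SQL text is fixed; the driver passes the
    # values separately, so a quote in the input is just data, never syntax.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    conn = make_db()
    # Classic tautology payload in both fields: WHERE ... OR '1'='1' matches every row.
    tautology = "' OR '1'='1"
    print("vulnerable, tautology:", login_vulnerable(conn, tautology, tautology))
    print("safe,       tautology:", login_safe(conn, tautology, tautology))
    # Comment payload: the -- sequence turns the password check into a SQL comment,
    # so the attacker logs in as alice without knowing the password.
    print("vulnerable, comment:  ", login_vulnerable(conn, "alice' --", "wrong"))
    print("safe,       comment:  ", login_safe(conn, "alice' --", "wrong"))
    # The legitimate credentials still work with the safe version.
    print("safe,       valid:    ", login_safe(conn, "alice", "s3cret"))
```

The point to take from the two payloads is that the vulnerable function leaks the whole user list or authenticates as an arbitrary user without any blacklist being bypassed; the fix is not to strip quotes but to stop building SQL from strings at all.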
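As an added example for item B (not code from the original notes), the following Python snippet shows reflected XSS in two HTML contexts, element content and an attribute value, with the raw interpolation next to the entity-encoded version using html.escape from the standard library. The page templates and the payloads are constructed for the demonstration.

```python
import html


def render_greeting_vulnerable(name):
    # VULNERABLE: untrusted input is placed directly into the HTML body, so a
    # <script> element in the input is parsed and executed by the browser.
    return "<p>Hello, %s!</p>" % name


def render_greeting_safe(name):
    # SAFE for element content: < > & are encoded, so the payload is shown as
    # literal text instead of being parsed as markup.
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


def render_search_box_vulnerable(term):
    # VULNERABLE: a double quote in the input closes the value attribute and
    # lets the attacker add an event-handler attribute of their own.
    return '<input type="text" name="q" value="%s">' % term


def render_search_box_safe(term):
    # SAFE for a double-quoted attribute: quote=True also encodes " and ', so
    # the input cannot break out of the attribute value.
    return '<input type="text" name="q" value="%s">' % html.escape(term, quote=True)


if __name__ == "__main__":
    script_payload = "<script>alert(1)</script>"
    attr_payload = '" onmouseover="alert(1)'
    print(render_greeting_vulnerable(script_payload))
    print(render_greeting_safe(script_payload))
    print(render_search_box_vulnerable(attr_payload))
    print(render_search_box_safe(attr_payload))
```

html.escape is correct only for these two contexts (HTML text and quoted attribute values). Data inserted into a JavaScript string, a URL, or CSS needs that context's own encoding, and an unquoted attribute value is not protected by entity encoding at all; the templating layer should do the encoding automatically so that no individual output is forgotten.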
2 Secure Implementation Principles
SDL: Security Development Lifecycle, a process that builds security activities (security requirements, threat modeling, secure coding, security testing and incident response) into every phase of development rather than bolting them on before release.