Penn Computing

Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Sunday, November 8, 2009
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption & digital signatures
 
  Best Practices
Secure desktop computing
Secure servers
Secure web applications
Secure web development
Secure data deletion
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
Application developers
 
  Security initiatives
Critical host compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
NeXpose Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Top 10 Web Application Security Vulnerabilities

Based on the Open Web Application Security Project (OWASP) Research

Customized for Penn by the Secure Web Application Team
Last Updated: August 11, 2006

Contents

  Introduction
1. Unvalidated Input
2. Broken Access Control
3. Broken Authentication and Session Management
4. Cross-Site Scripting (XSS) Flaws
5. Buffer Overflows
6. Injection Flaws (Shell Commands and SQL)
7. Improper Error Handling
8. Insecure Storage
9. Denial of Service
10. Insecure Configuration Management
  Conclusions

Back to SWAT Homepage
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions
Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania