开放式Web应用程序安全项目(OWASP,Open Web Application Security Project)是一个组织,它提供有关计算机和互联网应用程序的公正、实际、有成本效益的信息。其目的是协助个人、企业和机构来发现和使用可信赖软件。2017年列了十大安全攻击类型:
•A1 Injection
•A2 Broken Authentication and Session Management
•A3 Cross-Site Scripting (XSS)
•A4 Broken Access Control (As it was in 2004)
•A5 Security Misconfiguration
•A6 Sensitive Data Exposure
•A7 Insufficient Attack Protection (NEW)
•A8 Cross-Site Request Forgery (CSRF)
•A9 Using Components with Known Vulnerabilities
•A10 Underprotected APIs (NEW)
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
