OWASP TOP 10
A01:2021-Broken Access Control moves up from the fifth position.
A02:2021-Cryptographic Failures shifts up one position to #2.
A03:2021-Injection slides down to the third position.
A04:2021-Insecure Design is a new category for 2021, with a focus on risks related to design flaws.
A05:2021-Security Misconfiguration moves up from #6 in the previous edition.
A06:2021-Vulnerable and Outdated Components was previously titled Using Components with Known Vulnerabilities and is #2 in the Top 10 community survey, but also had enough data to make the Top 10 via data analysis.
A07:2021-Identification and Authentication Failures was previously Broken Authentication and is sliding down from the second position, and now includes CWEs that are more related to identification failures.
A08:2021-Software and Data Integrity Failures is a new category for 2021, focusing on making assumptions related to software updates, critical data, and CI/CD pipelines without verifying integrity.
A09:2021-Security Logging and Monitoring Failures was previously Insufficient Logging & Monitoring and is added from the industry survey (#3), moving up from #10 previously.
A10:2021-Server-Side Request Forgery is added from the Top 10 community survey (#1).
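National Intelligence Service (NIS, Korea) 8 Major Vulnerabilities
1. Directory Listing vulnerability
2. File Download vulnerability
3. Cross-Site Scripting (XSS) vulnerability
4. File Upload vulnerability
5. WebDAV vulnerability
6. TechNote vulnerability
7. ZeroBoard vulnerability
8. SQL Injection vulnerability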