The typical 10 security breaches

slk3, Join Date: Mar 2013
Newbie Member
IBM AppScan is a good tool for detecting security breaches in web applications. Has anybody ever studied it? Typically, AppScan can find 10 main attacks, including:
  • XSS,
  • SQL (Code) Injection,
  • Malicious file execution,
  • Insecure direct object references,
  • CSRF,
  • Information leakage and improper error handling,
  • Broken authentication and Session management,
  • Insecure cryptographic storage,
  • Unsecured communication,
  • URL access restriction failures
What are the corresponding solutions for them? Has anybody ever summarized them?
Syperus, Join Date: Sep 2011
Go4Expert Member
Where's buffer overflow? This is one of the top security risks due to poor programming techniques.