

OWASP Top 10 - 2013 Prevention

Version: 2.0

---

This section categorizes OWASP Top 10 2013 prevention techniques that should be followed by WSO2 engineers while engineering mobile applications.

Note

OWASP has updated its top 10 list of the most critical application security risks in 2017. Refer to OWASP Top 10 2017 for the updated list.

A1 - 2013 - Injection

In OWASP Top 10 - 2013, the following vulnerabilities were discussed under Injection type of vulnerabilities.

• SQL Injection: Refer to General Recommendations for Secure Coding - SQL Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• LDAP Injection: Refer to General Recommendations for Secure Coding - LDAP Injection section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• HTTP Response Splitting (CRLF Injection): Refer to General Recommendations for Secure Coding - HTTP Response Splitting (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• Log Injection/ Log Forging (CRLF Injection): Refer to General Recommendations for Secure Coding - Log Injection/ Log Forging (CRLF Injection) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• XML External Entity (XXE): Refer to General Recommendations for Secure Coding - XML External Entity (XXE) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A2 - 2013 - Broken Authentication and Session Management

In OWASP Top 10 - 2013, the following vulnerabilities were discussed under Broken Authentication type of vulnerabilities.

• Session Hijacking: Refer to General Recommendations for Secure Coding - Session Hijacking section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• Session Fixation: Refer to General Recommendations for Secure Coding - Session Fixation section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• Session Prediction: Refer to General Recommendations for Secure Coding - Session Prediction section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A3 - 2013 - Cross-Site Scripting (XSS)

Refer to General Recommendations for Secure Coding - Cross-Site Scripting (XSS) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A4 - 2013 - Insecure Direct Object References

Under this section, OWASP Top 10 - 2013 has discussed the Path Traversal vulnerability. Refer to General Recommendations for Secure Coding - Path Traversal section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A5 - 2013 - Security Misconfiguration

Refer to General Recommendations for Secure Coding - Security Misconfiguration section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A6 - 2013 - Sensitive Data Exposure

In OWASP Top 10 - 2013, the following vulnerabilities were discussed under Sensitive Data Exposure type of vulnerabilities.

• Heap Inspection Attacks: Refer to General Recommendations for Secure Coding - Heap Inspection Attacks section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.
• Privacy Violation - Password AutoComplete: Refer to General Recommendations for Secure Coding - Privacy Violation - Password AutoComplete section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A7 - 2013 - Missing Function Level Access Control

Refer to General Recommendations for Secure Coding - Missing Function Level Access Control section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A8 - 2013 - Cross-Site Request Forgery (CSRF)

Refer to General Recommendations for Secure Coding - Cross-Site Request Forgery (CSRF) section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Note

CSRF is dropped in OWASP top 10 list of the most critical application security risks in 2017.

A9 - 2013 - Using Known Vulnerable Components

Refer to General Recommendations for Secure Coding - Using Known Vulnerable Components section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

A10 - 2013 - Unvalidated Redirects and Forwards

Refer to General Recommendations for Secure Coding - Unvalidated Redirects and Forwards section to find out the details about the vulnerability and prevention techniques that should be followed by WSO2 Engineers.

Note

Unvalidated Redirects and Forwards is dropped in OWASP top 10 list of the most critical application security risks in 2017.