1.6. Criterion-based mapping of guideline
Caution
This version is already obsolete. Please check the latest guideline.
Chapter 4 of this guideline is organized by functionality. This section provides a mapping from a point of view other than functionality, indicating which part of the guideline contains which type of content.
1.6.1. Mapping based on security measures
Using the OWASP Top 10 for 2013 as an axis, the following table links to the explanations of security-related functionality.
No. | Item Name | Corresponding Guideline |
---|---|---|
A1 | Injection: SQL Injection | (Details about using bind variables as placeholders for query parameters) |
A1 | Injection: XXE (XML External Entity) Injection | |
A2 | Broken Authentication and Session Management | |
A3 | Cross-Site Scripting (XSS) | |
A4 | Insecure Direct Object References | No mention in particular |
A5 | Security Misconfiguration | |
A6 | Sensitive Data Exposure | |
A7 | Missing Function Level Access Control | |
A8 | Cross-Site Request Forgery (CSRF) | |
A9 | Using Components with Known Vulnerabilities | No mention in particular |
A10 | Unvalidated Redirects and Forwards | |