A8 - Failure to Restrict URL Access - the eighth most serious security flaw described by OWASP.

[Slides 1 to 13 of the presentation on A8 - Failure to Restrict URL Access; the slide images are not included in the text.]

To go deeper into the subject, read the references:

OWASP References:
OWASP Top 10-2010:
https://www.owasp.org/index.php/Top_10_2010-A8-Failure_to_Restrict_URL_Access
ESAPI Access Control API:
http://owasp-esapi-java.googlecode.com/svn/trunk_doc/latest/org/owasp/esapi/AccessController.html
OWASP Development Guide: Chapter on Authorization:
https://www.owasp.org/index.php/Guide_to_Authorization
OWASP Article on Forced Browsing:
https://www.owasp.org/index.php/Forced_browsing
For additional access control requirements, see the ASVS requirements area for Access Control (V4):
http://www.owasp.org/index.php/ASVS

External References:
CWE Entry 285 on Improper Access Control (Authorization):
http://cwe.mitre.org/data/definitions/285.html

Visit my blog: www.vidadetestador.com