The top 10 reasons why websites get hacked

Microsoft Swiss Security Team

5 Nov 2007 2:49 AM

Comments 0
Likes

Just found the following list on the internet:

1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

And that brings me back to the previous post and how important (and sometimes easy) it is to check the own websites for thise kind of vulnerabilities.

Urs

http://blogs.technet.com/ms_schweiz_security_blog/archive/2007/10/24/xssdetect-code-analysis-tool.aspx