OWASP Top 10 Web Application Security Vulnerabilities for 2010

Discussion in 'Security' started by php.allstar, Apr 20, 2010.

  1. php.allstar

    php.allstar New Member

    On April 19th, OWASP released the final version of the Top 10 for 2010. The OWASP Top Ten provides a powerful awareness document for web application security. This version was updated based on comments received during the comment period after the release candidate was released in Nov. 2009.

    Click this link to download the OWASP Top 10 Web Application Security Vulnerabilities for 2010 (PDF 2.16MB)

    The OWASP Top 10 Web Application Security Risks for 2010 are:

    1. A1: Injection
    2. A2: Cross-Site Scripting (XSS)
    3. A3: Broken Authentication and Session Management
    4. A4: Insecure Direct Object References
    5. A5: Cross-Site Request Forgery (CSRF)
    6. A6: Security Misconfiguration
    7. A7: Insecure Cryptographic Storage
    8. A8: Failure to Restrict URL Access
    9. A9: Insufficient Transport Layer Protection
    10. A10: Unvalidated Redirects and Forwards

    OWASP is reaching out to developers, not just the application security community.

    • The Top 10 is about managing risk, not just avoiding vulnerabilities.
    • To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation.

     
  2. mneylon

    mneylon Administrator Staff Member

    Do they have a list of top vulnerable scripts?
     
