OWASP Publishes Top 10 Web App Security Risks for 2010

Last night the OWASP project published the 2010 issue of their Top 10 Web Application Security Risks. The list is still in Release Candidate status, so it may change. The difference from the previous lists, according to the statement by OWASP:

A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 Risks to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period.

As a summary, the top 10 risks to your Web Apps are:
  1. Injection flaws
  2. Cross Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Failure to Restrict URL Access
  8. Unvalidated Redirects and Forwards
  9. Insecure Cryptographic Storage
  10. Insufficient Transport Layer Protection
It is evident that OWASP hasn't reinvented the wheel, and that the items on this list have been discussed for years. Yet the advice still falls on deaf ears for many developers - even at large development companies.

You can download the full document here, with a detailed explanation of each risk.

Talkback and comments are most welcome.
