Last night the OWASP project published the 2010 issue of their Top 10 Web Application Security Risks. The list is still in Release Candidate status, so it may change. The difference from the previous lists according to the statement by OWASP
As a summary, the top 10 risks to your Web Apps are:
A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 Risks to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period.
- Injection flaws
- Cross Site Scripting (XSS)
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross Site Request Forgery (CSRF)
- Security Misconfiguration
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
You can download the full list document here, with detailed explanation of each risk.
Talkback and comments are most welcome
SANS Announced Top 25 Programming Errors