[Owasp-board] Fwd: Top 10 2007

Andrew van der Stock vanderaj at owasp.org
Fri Nov 17 01:43:49 UTC 2006


Here's an e-mail exchange showing Jeremiah's ideas on the Top 10. I'm not sure that Predictable file locations is necessary - it can be covered by Information Leakage as far as I'm concerned. And Dave has already stated a desire for separate authC/authZ so that's where it should end up. Also, I think CSRF needs to be in the Top 5 out of the Top 10.

Begin forwarded message:

> If I had to force rank, this is probably how I'd set it up. It's actually a very hard exercise.
>
> XSS
> SQL Injection
> Insufficient Authentication/Authorization - Privilege Escalation
> Remote File Include
> Predictable Resource Location
> CSRF
> Abuse of Functionality
> Information Leakage
> Content Spoofing
> Insecure Storage


