[Owasp-board] Fwd: Top 10 2007
Andrew van der Stock
vanderaj at owasp.org
Fri Nov 17 01:43:49 UTC 2006
Here's an e-mail exchange showing Jeremiah's ideas on the Top 10. I'm
not sure that Predictable file locations is necessary - it can be
covered by Information Leakage as far as I'm concerned. And Dave has
already stated a desire for separate authC/authZ so that's where it
should end up. Also, I think CSRF needs to be in the Top 5 out of the
Top 10.
Begin forwarded message:
> If I had to force rank, this is probably how I'd set it up. It's
> actually a very hard exercise.
> SQL Injection
> Insufficient Authentication/Authorization - Privilege Escalation
> Remote File Include
> Predictable Resource Location
> Abuse of Functionality
> Information Leakage
> Content Spoofing
> Insecure Storage