[Owasp-france] Fwd: [Owasp-leaders] OWASP Top 10 for 2013 is now Released!!

Sebastien Gioria sebastien.gioria at owasp.org
Wed Jun 12 15:57:46 UTC 2013

Le top10 nouveau (en anglais) est sorti

La version FR arrive tres vite
---------- Message transféré ----------
De : "Dave Wichers" <dave.wichers at owasp.org>
Date : 12 juin 2013 17:48
Objet : [Owasp-leaders] OWASP Top 10 for 2013 is now Released!!
À : "OWASP Leaders" <owasp-leaders at lists.owasp.org>
Cc :


The OWASP Top 10 project has updated and released the final version of the
OWASP Top 10 for 2013 based on the feedback it received during the formal
comment period.

The OWASP Top 10 for 2013 is as follows:

A1 Injection

A2 Broken Authentication and Session Management

A3 Cross-Site Scripting (XSS)

A4 Insecure Direct Object References

A5 Security Misconfiguration

A6 Sensitive Data Exposure

A7 Missing Function Level Access Control

A8 Cross-Site Request Forgery (CSRF)

A9 Using Known Vulnerable Components

A10 Unvalidated Redirects and Forwards

The final release can be downloaded from the main project page at:


Or the Google Top 10 Project page at: https://code.google.com/p/owasptop10/

If you simply want to download the document immediately, its available at:


Thanks to everyone for their contributions to this important OWASP project!

Please spread the word to those organizations you are involved in to raise
awareness of these issues, particularly the new and unfamiliar* A9:** Using
Known Vulnerable Components*. With the rapid increase in the pace of
development and the tempo of issuing new releases, it's getting even more
challenging to avoid introducing these risks in modern applications. This
rapid development tempo is also encouraging the increased use of 3rd party
as well as internally developed components, which have security issues just
like any other software. That's why A9 was introduced, to raise awareness
that developers need to make sure they are not continuing to use components
with known vulnerabilities.

Thanks, Dave

Dave Wichers

OWASP Top 10 Project Lead

OWASP Boardmember

OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-france/attachments/20130612/9456c4db/attachment.html>

More information about the Owasp-france mailing list