[Owasp-leaders] OWASP Top 10 - 2010 rc1 Released!!

Dave Wichers dave.wichers at owasp.org
Fri Nov 13 18:49:01 EST 2009


Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC
Conference and officially released the 2010 release candidate.

 

I have uploaded both the presentation and the Top 10 itself to the OWASP
wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.

 

They can both be found at the top of the Top 10 project page:
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

 

Since this is a release candidate, it is up for open comment until the end
of the year. So, please review and provide me with comments.

 

And the Top 10 for 2010 (rc1) is ...

 

  * A1: Injection
  * A2: Cross Site Scripting (XSS)
  * A3: Broken Authentication and Session Management
  * A4: Insecure Direct Object References
  * A5: Cross Site Request Forgery (CSRF)
  * A6: Security Misconfiguration
  * A7: Failure to Restrict URL Access
  * A8: Unvalidated Redirects and Forwards
  * A9: Insecure Cryptographic Storage
  * A10: Insufficient Transport Layer Protection

 

Thanks, Dave

 

Dave Wichers

OWASP Top 10 Lead

 
