[Owasp-leaders] OWASP Top 10 - 2010 rc1 Released!!

Dave Wichers dave.wichers at owasp.org
Fri Nov 13 18:49:01 EST 2009

Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC
Conference and officially released the 2010 release candidate.


I have uploaded both the presentation and the Top 10 itself to the OWASP
wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.


They can both be found at the top of the Top 10 project page:


Since this is a release candidate, it is up for open comment until the end
of the year. So, please review and provide me with comments.


And the Top 10 for 2010 (rc1) is ...


* A1: Injection
* A2: Cross Site Scripting (XSS)
* A3: Broken Authentication and Session Management
* A4: Insecure Direct Object References
* A5: Cross Site Request Forgery (CSRF)
* A6: Security Misconfiguration
* A7: Failure to Restrict URL Access
* A8: Unvalidated Redirects and Forwards
* A9: Insecure Cryptographic Storage
* A10: Insufficient Transport Layer Protection


Thanks, Dave


Dave Wichers

OWASP Top 10 Lead

