[Owasp-leaders] OWASP Top 10 Inconsistencies

Dave Wichers dave.wichers at owasp.org
Mon Apr 26 21:53:40 EDT 2010


Right. Thanks for pointing this out. The wiki version was started based on
the RC and the ordering wasn't updated to match the final release and I
didn't catch that. Good catch!!

 

I will have Neil fix this right away. I already told the WASC guys that it
was reordered and they know that, so hopefully their document will be
updated soon.

 

Thanks, Dave

 

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Mandeep Khera
Sent: Monday, April 26, 2010 8:34 PM
To: owasp-leaders at lists.owasp.org
Cc: Mandeep Khera
Subject: [Owasp-leaders] OWASP Top 10 Inconsistencies

 

Dear all 

 

As we were going through the Top 10 categories, I noticed some
inconsistencies in the OWASP documents that might cause some confusion and
we should fix. 

 

So, the pdf and the main page -
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=Main with
the high level categories match fine.  

 

However, when you go to the wiki page -
http://www.owasp.org/index.php/Top_10_2010-Main  - the top 10 risk
categories are the same but the reference numbers of A7 through A10 are
inconsistent.  On the wiki page, A7 should be A8, A8 should be A10, A9
should be A7, and A10 should be A9 to make it consistent with the other
documents.   

 

Also, the mapping done by the WASC is based on this Wiki page and will need
to be fixed as well -
http://projects.webappsec.org/Threat-Classification-Taxonomy-Cross-Reference-View

 

 

Thanks

 

Mandeep Khera

Cenzic

Bay Area Chapter Leader

 
