[Owasp-leaders] OWASP Top 10 for 2013 is now Released!!

Dave Wichers dave.wichers at owasp.org
Wed Jun 12 15:47:51 UTC 2013


The OWASP Top 10 project has updated and released the final version of the
OWASP Top 10 for 2013 based on the feedback it received during the formal
comment period.

The OWASP Top 10 for 2013 is as follows:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Known Vulnerable Components
A10 Unvalidated Redirects and Forwards

The final release can be downloaded from the main project page at:
https://www.owasp.org/index.php/Top10

Or the Google Top 10 Project page at: https://code.google.com/p/owasptop10/


If you simply want to download the document immediately, it's available at:
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf

Thanks to everyone for their contributions to this important OWASP project!

Please spread the word to those organizations you are involved in to raise
awareness of these issues, particularly the new and unfamiliar A9: Using
Known Vulnerable Components. With the rapid increase in the pace of
development and the tempo of issuing new releases, it's getting even more
challenging to avoid introducing these risks in modern applications. This
rapid development tempo is also encouraging the increased use of 3rd party
as well as internally developed components, which have security issues just
like any other software. That's why A9 was introduced, to raise awareness
that developers need to make sure they are not continuing to use components
with known vulnerabilities.

Thanks, Dave

Dave Wichers
OWASP Top 10 Project Lead
OWASP Boardmember
