[Owasp-leaders] OWASP Top 10 for 2013 is now Released!!

Hector Aguirre hector.antonio.aguirre at owasp.org
Thu Jun 13 13:55:17 UTC 2013


⃕
Excellent news!

There is a group for the translation of the OWASP Top 10 in Spanish?.
I volunteer.

Thanks and greetings from Paraguay

Hector Aguirre


On Wed, Jun 12, 2013 at 11:47 AM, Dave Wichers <dave.wichers at owasp.org>wrote:

> **
>
> The OWASP Top 10 project has updated and released the final version of
> the OWASP Top 10 for 2013 based on the feedback it received during the
> formal comment period.
>
> The OWASP Top 10 for 2013 is as follows:
>
> A1 Injection
>
> A2 Broken Authentication and Session Management
>
> A3 Cross-Site Scripting (XSS)
>
> A4 Insecure Direct Object References
>
> A5 Security Misconfiguration
>
> A6 Sensitive Data Exposure
>
> A7 Missing Function Level Access Control
>
> A8 Cross-Site Request Forgery (CSRF)
>
> A9 Using Known Vulnerable Components
>
> A10 Unvalidated Redirects and Forwards
>
> The final release can be downloaded from the main project page at:
>
> https://www.owasp.org/index.php/Top10
>
> Or the Google Top 10 Project page at:
> https://code.google.com/p/owasptop10/
>
> If you simply want to download the document immediately, its available at:
>
> http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
>
> Thanks to everyone for their contributions to this important OWASP project!
>
> Please spread the word to those organizations you are involved in to raise
> awareness of these issues, particularly the new and unfamiliar* A9:** Using
> Known Vulnerable Components*. With the rapid increase in the pace of
> development and the tempo of issuing new releases, it's getting even more
> challenging to avoid introducing these risks in modern applications. This
> rapid development tempo is also encouraging the increased use of 3rd
> party as well as internally developed components, which have security
> issues just like any other software. That's why A9 was introduced, to raise
> awareness that developers need to make sure they are not continuing to usecomponents with known vulnerabilities.
>
> Thanks, Dave
>
> Dave Wichers
>
> OWASP Top 10 Project Lead
>
> OWASP Boardmember
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130613/7645092f/attachment.html>


More information about the OWASP-Leaders mailing list