[Owasp-leaders] OWASP Top 10 for 2013 is now Released!!

Rafael Gil rafael.gillarios at owasp.org
Thu Jun 13 16:28:46 UTC 2013


So do I.

Best.


On Thu, Jun 13, 2013 at 8:55 AM, Hector Aguirre <
hector.antonio.aguirre at owasp.org> wrote:

>> Excellent news!
>
> There is a group for the translation of the OWASP Top 10 in Spanish?.
> I volunteer.
>
> Thanks and greetings from Paraguay
>
> Hector Aguirre
>
>
> On Wed, Jun 12, 2013 at 11:47 AM, Dave Wichers <dave.wichers at owasp.org>wrote:
>
>> **
>>
>> The OWASP Top 10 project has updated and released the final version of
>> the OWASP Top 10 for 2013 based on the feedback it received during the
>> formal comment period.
>>
>> The OWASP Top 10 for 2013 is as follows:
>>
>> A1 Injection
>>
>> A2 Broken Authentication and Session Management
>>
>> A3 Cross-Site Scripting (XSS)
>>
>> A4 Insecure Direct Object References
>>
>> A5 Security Misconfiguration
>>
>> A6 Sensitive Data Exposure
>>
>> A7 Missing Function Level Access Control
>>
>> A8 Cross-Site Request Forgery (CSRF)
>>
>> A9 Using Known Vulnerable Components
>>
>> A10 Unvalidated Redirects and Forwards
>>
>> The final release can be downloaded from the main project page at:
>>
>> https://www.owasp.org/index.php/Top10
>>
>> Or the Google Top 10 Project page at:
>> https://code.google.com/p/owasptop10/
>>
>> If you simply want to download the document immediately, its available at:
>>
>> http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
>>
>> Thanks to everyone for their contributions to this important OWASP
>> project!
>>
>> Please spread the word to those organizations you are involved in to
>> raise awareness of these issues, particularly the new and unfamiliar* A9:
>> ** Using Known Vulnerable Components*. With the rapid increase in the
>> pace of development and the tempo of issuing new releases, it's getting
>> even more challenging to avoid introducing these risks in modernapplications.
>> This rapid development tempo is also encouraging the increased use of 3rd
>> party as well as internally developed components, which have security
>> issues just like any other software. That's why A9 was introduced, to raise
>> awareness that developers need to make sure they are not continuing to us
>> e components with known vulnerabilities.
>>
>> Thanks, Dave
>>
>> Dave Wichers
>>
>> OWASP Top 10 Project Lead
>>
>> OWASP Boardmember
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130613/a902fe40/attachment.html>


More information about the OWASP-Leaders mailing list