[Owasp-leaders] OWASP Top 10 for 2013 is now Released!!

David Montero david.montero at owasp.org
Thu Jun 13 18:27:37 UTC 2013


I volunteer too.

Sent from my iPad

On 13/06/2013, at 15:55, Hector Aguirre <hector.antonio.aguirre at owasp.org> wrote:

> Excellent news!
> 
> Is there a group for the translation of the OWASP Top 10 into Spanish?
> I volunteer.
> 
> Thanks and greetings from Paraguay
> 
> Hector Aguirre
> 
> 
> On Wed, Jun 12, 2013 at 11:47 AM, Dave Wichers <dave.wichers at owasp.org> wrote:
>> The OWASP Top 10 project has updated and released the final version of the OWASP Top 10 for 2013 based on the feedback it received during the formal comment period.
>> 
>> 
>> The OWASP Top 10 for 2013 is as follows:
>> 
>> A1 Injection
>> 
>> A2 Broken Authentication and Session Management
>> 
>> A3 Cross-Site Scripting (XSS)
>> 
>> A4 Insecure Direct Object References
>> 
>> A5 Security Misconfiguration
>> 
>> A6 Sensitive Data Exposure
>> 
>> A7 Missing Function Level Access Control
>> 
>> A8 Cross-Site Request Forgery (CSRF)
>> 
>> A9 Using Known Vulnerable Components
>> 
>> A10 Unvalidated Redirects and Forwards
>> 
>> The final release can be downloaded from the main project page at:
>> 
>> https://www.owasp.org/index.php/Top10
>> 
>> Or the Google Top 10 Project page at: https://code.google.com/p/owasptop10/ 
>> 
>> If you simply want to download the document immediately, it's available at:
>> 
>> http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
>> 
>> 
>> Thanks to everyone for their contributions to this important OWASP project!
>> 
>> Please spread the word to those organizations you are involved in to raise awareness of these issues, particularly the new and unfamiliar A9: Using Known Vulnerable Components. With the rapid increase in the pace of development and the tempo of issuing new releases, it's getting even more challenging to avoid introducing these risks in modern applications. This rapid development tempo is also encouraging the increased use of 3rd party as well as internally developed components, which have security issues just like any other software. That's why A9 was introduced, to raise awareness that developers need to make sure they are not continuing to use components with known vulnerabilities.
>> 
>> Thanks, Dave
>> 
>> Dave Wichers
>> 
>> OWASP Top 10 Project Lead
>> 
>> OWASP Boardmember
>> 
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 
> 