[Owasp-switzerland] OWASP Top 10 2010 - RC1 available for download

AF antonio.fontes at owasp.org
Mon Nov 16 05:34:07 EST 2009


Dear Listers,

Last Saturday, Dave Wichers announced the first release candidate
for a highly anticipated OWASP project release: The OWASP Top 10 2010.

The Top 10 2010 describes the ten most critical risks commonly found
in vulnerable web applications. It describes what these risks consist of,
but also their corresponding threats, attack vectors, detection and corrective
measures and their impact.

For those used to the previous release (2007), the new release includes 2
changes in the list, which now consists of:

- A1: Injection
- A2: Cross Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Failure to Restrict URL Access
- A8: Unvalidated Redirects and Forwards
- A9: Insecure Cryptographic Storage
- A10: Insufficient Transport Layer Protection

The 2010 release also shows a shift in the methodology, which now focuses
heavily on a more risk-based approach.

While the document is still in RC1 state, reading it is highly recommended and,
I hope, any discussion is welcome on the OWASP lists.

Best regards,

Antonio Fontes
OWASP Geneva Chapter



Info & Download links:
---------------------------------------
Top 10 2010 project:
 http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Top 10 2010 download:
 http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf



-- 
OWASP Geneva Chapter
chapter site: http://www.owasp.org/index.php/Geneva
mailing list: https://lists.owasp.org/mailman/listinfo/owasp-Geneva

