[Owasp-topten] OWASP Top 10 - 2010 rc1 Released!!

Dave Wichers dave.wichers at aspectsecurity.com
Fri Nov 13 18:46:56 EST 2009


Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC
Conference and officially released the 2010 release candidate.

 

I have uploaded both the presentation and the Top 10 itself to the OWASP
wiki. The presentation is in .pptx format, and the Top 10 is a PDF
document.

 

They can both be found at the top of the Top 10 project page:
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

 

Since this is a release candidate, it is up for open comment until the
end of the year. So, please review and provide me with comments.

 

And the Top 10 for 2010 (rc1) is ...

 

*          A1: Injection 

*          A2: Cross Site Scripting (XSS) 

*          A3: Broken Authentication and Session Management 

*          A4: Insecure Direct Object References 

*          A5: Cross Site Request Forgery (CSRF) 

*          A6: Security Misconfiguration 

*          A7: Failure to Restrict URL Access 

*          A8:  Unvalidated Redirects and Forwards 

*          A9: Insecure Cryptographic Storage 

*          A10: Insufficient Transport Layer Protection

 

Thanks, Dave

 

Dave Wichers

OWASP Top 10 Lead

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-topten/attachments/20091113/e28bcfcc/attachment.html 


More information about the Owasp-topten mailing list