[Owasp-topten] OWASP Top 10 - 2010 rc1 Released!!

Dave van Stein dvstein at gmail.com
Sat Nov 14 04:26:23 EST 2009


Hi Dave,

Congratulations on this nice piece of work!

I must admit I haven't read it in detail yet, but one thing I noticed is that
the color of the 'difficulty' box for A8 is yellow, whereas it should be
red according to page 6.
Looking at the explanation I suspect the text is right, so the color of the
box should be red.

regards, Dave

2009/11/14 Dave Wichers <dave.wichers at aspectsecurity.com>

> Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC
> Conference and officially released the 2010 release candidate.
>
> I have uploaded both the presentation and the Top 10 itself to the OWASP
> wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.
>
> They can both be found at the top of the Top 10 project page:
> http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
>
> Since this is a release candidate, it is up for open comment until the end
> of the year. So, please review and provide me with comments.
>
> And the Top 10 for 2010 (rc1) is …
>
> • A1: Injection
> • A2: Cross Site Scripting (XSS)
> • A3: Broken Authentication and Session Management
> • A4: Insecure Direct Object References
> • A5: Cross Site Request Forgery (CSRF)
> • A6: Security Misconfiguration
> • A7: Failure to Restrict URL Access
> • A8: Unvalidated Redirects and Forwards
> • A9: Insecure Cryptographic Storage
> • A10: Insufficient Transport Layer Protection
>
> Thanks, Dave
>
> Dave Wichers
> OWASP Top 10 Lead