[Owasp-topten] OWASP Top 10 - 2010 rc1 Released!!

Dave Wichers dave.wichers at aspectsecurity.com
Sat Nov 14 09:57:50 EST 2009


Yep. You are correct. I have fixed it in my copy, and I'll probably post
an update at some point but I want to see if there are other little nits
like this that get reported.

 

Thanks, Dave

 

From: Dave van Stein [mailto:dvstein at gmail.com] 
Sent: Saturday, November 14, 2009 4:26 AM
To: Dave Wichers
Cc: owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] OWASP Top 10 - 2010 rc1 Released!!

 

Hai Dave,

Congratulations on this nice piece of work!

I must admit I haven't read it in detail yet, but 1 thing I noticed is
that the color of the 'difficulty' box for A8 is yellow, whereas it
should be red according to page 6.
Looking at the explanation I suspect the text is right, so the color of
the box should be red. 

regards, Dave

2009/11/14 Dave Wichers <dave.wichers at aspectsecurity.com>

Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC
Conference and officially released the 2010 release candidate.

 

I have uploaded both the presentation and the Top 10 itself to the OWASP
wiki. The presentation is in .pptx format, and the Top 10 is a PDF
document.

 

They can both be found at the top of the Top 10 project page:
http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

 

Since this is a release candidate, it is up for open comment until the
end of the year. So, please review and provide me with comments.

 

And the Top 10 for 2010 (rc1) is ...

 

* A1: Injection
* A2: Cross Site Scripting (XSS)
* A3: Broken Authentication and Session Management
* A4: Insecure Direct Object References
* A5: Cross Site Request Forgery (CSRF)
* A6: Security Misconfiguration
* A7: Failure to Restrict URL Access
* A8: Unvalidated Redirects and Forwards
* A9: Insecure Cryptographic Storage
* A10: Insufficient Transport Layer Protection

 

Thanks, Dave

 

Dave Wichers

OWASP Top 10 Lead


_______________________________________________
Owasp-topten mailing list
Owasp-topten at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-topten

 
