[Owasp-topten] Feedback on OWASP 2010 Top 10

Dave Wichers dave.wichers at aspectsecurity.com
Tue Nov 17 18:19:21 EST 2009

The awareness of them both might be very high, but unfortunately, both
are still very common, and both introduce significant risks. As such, we
believe they need to be highlighted separately.

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of daniel
Sent: Tuesday, November 17, 2009 9:43 AM
To: McGovern, James F. (eBusiness)
Cc: owasp-topten at lists.owasp.org
Subject: Re: [Owasp-topten] Feedback on OWASP 2010 Top 10

I agree. 

Back in the day it was important to have the likes of XSS/SQLi as
separate categories, namely due to the fact they weren't well-known, but
the level of awareness today is far greater than back in 2004. Would it
not be more suitable to have a single parent category such as injection
and then have the sub-categories below depending on how widespread they

2009/11/17 McGovern, James F. (eBusiness)
<James.McGovern at thehartford.com>

My peers were discussing the top ten and wanted to understand why
certain categories couldn't be collapsed into "input validation" for
example SQL Injection such that room could be made for other