[Owasp-topten] OWASP Top 10 for 2013 is now Released!!

Dave Wichers dave.wichers at owasp.org
Wed Jun 12 15:10:58 UTC 2013

Thanks to everyone for all your spirited debate on the process and contents
of the Top 10 for 2013. The project made many updates to the Top 10 for 2013
based on these comments and has also started to develop plans for
continuing to improve the process of producing future Top 10s. We did not
change any of the Top 10 2013 categories from what was proposed in the
release candidate but made numerous changes throughout based on detailed
feedback from many different contributors.

The OWASP Top 10 - 2013 is as follows:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Known Vulnerable Components
A10 Unvalidated Redirects and Forwards

The final release can be downloaded from the main project page at:

Or the Google Top 10 Project page at: https://code.google.com/p/owasptop10/ 

If you simply want to download the document immediately, it's available at:

For all the Translators out there, the Translation Efforts tab on the Top 10
Project page at OWASP includes a link to the original PowerPoint document
that was used to produce the Top 10 for 2013. That tab also lists past
translator volunteers to help you find like-minded individuals who want to
help with translation efforts.

Thanks to everyone for their contributions to this important OWASP project!


Dave Wichers
OWASP Top 10 Project Lead
OWASP Boardmember
