[Owasp-topten] Comparison of Prior Releases to 2013

Christian Heinrich christian.heinrich at cmlh.id.au
Sun May 26 05:48:32 UTC 2013


Dennis,

On Sat, Feb 16, 2013 at 7:06 AM, Dennis Groves <dennis.groves at owasp.org> wrote:

> OWASP Top 19                                   2004  2007  2010  2013
> Unvalidated Input                              A01   ---   ---   ---
> Broken Access Control                          A02   ---   ---   ---
> Broken Authentication & Session Management     A03   A07   A03   A02
> Cross Site Scripting (XSS)                     A04   A01   A02   A03
> Buffer Overflow                                A05   ---   ---   ---
> Injection Flaws                                A06   A02   A01   A01
> Information Leakage & Improper Error Handling  A07   A06   ---   ---
> Insecure Storage                               A08   A08   A07   ---
> Application Denial of Service                  A09   ---   ---   ---
> Insecure Configuration Management              A10   ---   A06   A05
> Malicious File Execution                       ---   A03   ---   ---
> Insecure Direct Object Reference               ---   A04   A04   A04
> Cross Site Request Forgery (CSRF)              ---   A05   A05   A08
> Insecure Communications                        ---   A09   A09   ---
> Failure to Restrict URL Access                 ---   A10   A08   ---
> Unvalidated Redirects and Forwards             ---   ---   A10   A10
> Sensitive Data Exposure                        ---   ---   ---   A06
> Missing Function Level Access Control          ---   ---   ---   A07
> Using Known Vulnerable Components              ---   ---   ---   A09
>

I produced a similar comparison of the 2004, 2007 and 2010 releases back in
July 2010, i.e.
http://lists.owasp.org/pipermail/owasp-topten/2010-July/000686.html

Subsequently I have used your table above to QA
http://lists.owasp.org/pipermail/owasp-topten/2010-July/000686.html and
relocated this from dropbox to https://github.com/cmlh/OWASP-Top-Ten

Would you mind if I incorporated your 2013 finding (once the Release
Candidate has been accepted as final since I anticipate that there will be
significant changes) into https://github.com/cmlh/OWASP-Top-Ten and I will
gladly credit you in return while I QA your 2013 findings too?


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact