[Owasp-topten] Comparison of Prior Releases to 2013

Neil Smithline neil.smithline at owasp.org
Mon May 27 19:28:23 UTC 2013


I'm not sure why you think that there will be "significant changes",
Christian. Did I miss something in the email threads? My understanding is that
the T10 is going live in the next few weeks. Has that been changed?


On Sun, May 26, 2013 at 1:48 AM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Dennis,
>
> On Sat, Feb 16, 2013 at 7:06 AM, Dennis Groves <dennis.groves at owasp.org> wrote:
>
>> OWASP Top 19                                   2004  2007  2010  2013
>> Unvalidated Input                              A01   ---   ---   ---
>> Broken Access Control                          A02   ---   ---   ---
>> Broken Authentication & Session Management     A03   A07   A03   A02
>> Cross Site Scripting (XSS)                     A04   A01   A02   A03
>> Buffer Overflow                                A05   ---   ---   ---
>> Injection Flaws                                A06   A02   A01   A01
>> Information Leakage & Improper Error Handling  A07   A06   ---   ---
>> Insecure Storage                               A08   A08   A07   ---
>> Application Denial of Service                  A09   ---   ---   ---
>> Insecure Configuration Management              A10   ---   A06   A05
>> Malicious File Execution                       ---   A03   ---   ---
>> Insecure Direct Object Reference               ---   A04   A04   A04
>> Cross Site Request Forgery (CSRF)              ---   A05   A05   A08
>> Insecure Communications                        ---   A09   A09   ---
>> Failure to Restrict URL Access                 ---   A10   A08   ---
>> Unvalidated Redirects and Forwards             ---   ---   A10   A10
>> Sensitive Data Exposure                        ---   ---   ---   A06
>> Missing Function Level Access Control          ---   ---   ---   A07
>> Using Known Vulnerable Components              ---   ---   ---   A09
>>
>
> I produced a similar comparison of the 2004, 2007 and 2010 releases back in
> July 2010 i.e.
> http://lists.owasp.org/pipermail/owasp-topten/2010-July/000686.html
>
> Subsequently I have used your table above to QA
> http://lists.owasp.org/pipermail/owasp-topten/2010-July/000686.html and
> relocated this from dropbox to https://github.com/cmlh/OWASP-Top-Ten
>
> Would you mind if I incorporated your 2013 finding (once the Release
> Candidate has been accepted as final since I anticipate that there will be
> significant changes) into https://github.com/cmlh/OWASP-Top-Ten and I
> will gladly credit you in return while I QA your 2013 findings too?
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact