{"id":130255,"date":"2009-11-14T02:44:00","date_gmt":"2009-11-14T07:44:00","guid":{"rendered":"tag:blogger.com,1999:blog-7196788127833928948.post-5622341738670314089"},"modified":"2009-11-14T02:44:00","modified_gmt":"2009-11-14T07:44:00","slug":"owasp-publishes-top-10-web-app-security-risks-for-2010","status":"publish","type":"post","link":"https:\/\/mereja.media\/index\/130255","title":{"rendered":"OWASP Publishes Top 10 Web App Security Risks for 2010"},"content":{"rendered":"

Last night the OWASP project<\/a> published the 2010 issue of their Top 10 Web Application Security Risks. The list is still in Release Candidate status, so it may change. The difference from the previous lists according to the statement by OWASP
\"\"<\/a>
<\/a><\/p>\n

\n

A significant change for this update will be that the OWASP Top 10 will be focused on the Top 10 Risks<\/b> to Web Applications, not just the most common vulnerabilities. At the conference will be the debut of the release candidate of the new Top 10, which will open up a 60 day comment period.<\/p>\n<\/blockquote>\n

As a summary, the top 10 risks to your Web Apps are:<\/span><\/p>\n

    \n
  1. Injection flaws<\/li>\n
  2. Cross Site Scripting (XSS)<\/li>\n
  3. Broken Authentication and Session Management<\/li>\n
  4. Insecure Direct Object References<\/li>\n
  5. Cross Site Request Forgery (CSRF)<\/li>\n
  6. Security Misconfiguration<\/li>\n
  7. Failure to Restrict URL Access<\/li>\n
  8. Unvalidated Redirects and Forwards<\/li>\n
  9. Insecure Cryptographic Storage<\/li>\n
  10. Insufficient Transport Layer Protection<\/li>\n<\/ol>\n

    It is evident that OWASP hasn’t invented the wheel all over again, and that this list has already been discussed for years. Yet it still falls on deaf ear for many developers – even large development companies.<\/p>\n

    You can download the full list document here, with detailed explanation of each risk.
    <\/a>
    Talkback and comments are most welcome<\/p>\n

    Related posts
    SANS Announced Top 25 Programming Errors<\/a><\/p>\n

    <\/div>\n

    <\/p>\n","protected":false},"excerpt":{"rendered":"

    Last night the OWASP project published the 2010 issue of their Top 10 Web Application Security Risks. The list is still in Release Candidate status, so it may change. The difference from the previous lists according to the statement by OWASP A significant change for this update will be that the OWASP Top 10 will […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-130255","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/comments?post=130255"}],"version-history":[{"count":0,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/posts\/130255\/revisions"}],"wp:attachment":[{"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/media?parent=130255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/categories?post=130255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mereja.media\/index\/wp-json\/wp\/v2\/tags?post=130255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}