OWASP Top 10 2010 has been released

The OWASP Top 10 Web Application Security Risks for 2010 are:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards
The list is now weighted by the actual risk such vulnerabilities expose, using the OWASP Risk Rating Methodology, whereas the 2007 version focused on how common the vulnerabilities were.

For application (security) testers, A10 (Unvalidated Redirects and Forwards) is one of the new items on the list that does not yet have a mapping to the OWASP Testing Guide, but it is only a matter of time before one is created. There have also been some changes since the release candidate:
OWASP Top 10: 2007 vs. 2010 RC1 vs. 2010 Final

 #  | 2007                                                 | 2010 RC1                                            | 2010 Final
----|------------------------------------------------------|-----------------------------------------------------|----------------------------------------------------
 1  | A1 - Cross Site Scripting (XSS)                      | A1 - Injection                                      | A1 - Injection
 2  | A2 - Injection Flaws                                 | A2 - Cross Site Scripting (XSS)                     | A2 - Cross-Site Scripting (XSS)
 3  | A3 - Malicious File Execution                        | A3 - Broken Authentication and Session Management   | A3 - Broken Authentication and Session Management
 4  | A4 - Insecure Direct Object Reference                | A4 - Insecure Direct Object References              | A4 - Insecure Direct Object References
 5  | A5 - Cross Site Request Forgery (CSRF)               | A5 - Cross Site Request Forgery (CSRF)              | A5 - Cross-Site Request Forgery (CSRF)
 6  | A6 - Information Leakage and Improper Error Handling | A6 - Security Misconfiguration                      | A6 - Security Misconfiguration
 7  | A7 - Broken Authentication and Session Management    | A7 - Failure to Restrict URL Access                 | A7 - Insecure Cryptographic Storage
 8  | A8 - Insecure Cryptographic Storage                  | A8 - Unvalidated Redirects and Forwards             | A8 - Failure to Restrict URL Access
 9  | A9 - Insecure Communications                         | A9 - Insecure Cryptographic Storage                 | A9 - Insufficient Transport Layer Protection
 10 | A10 - Failure to Restrict URL Access                 | A10 - Insufficient Transport Layer Protection       | A10 - Unvalidated Redirects and Forwards

1 comment:

dissertation said...

Whenever I see a post like yours I feel that there are still helpful people who share information for the help of others; it must be helpful for others. Thanks and good job.

Management Dissertation Proposal