Authored by Dave Wichers - 11/13/2009
Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC Conference and officially released the 2010 release candidate.
I have uploaded both the presentation and the Top 10 itself to the OWASP wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.
They can both be found at the top of the Top 10 project page: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Since this is a release candidate, it is up for open comment until the end of the year. So, please review and provide me with comments.
And the Top 10 for 2010 (rc1) is …
• A1: Injection
• A2: Cross Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Failure to Restrict URL Access
• A8: Unvalidated Redirects and Forwards
• A9: Insecure Cryptographic Storage
• A10: Insufficient Transport Layer Protection
OWASP Top 10 Lead