Wednesday, November 18, 2009

OWASP Top 10 - 2010 rc1 Released!!

Authored by Dave Wichers - 11/13/2009

Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC Conference and officially released the 2010 release candidate.

I have uploaded both the presentation and the Top 10 itself to the OWASP wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.

They can both be found at the top of the Top 10 project page:

Since this is a release candidate, it is up for open comment until the end of the year. So, please review and provide me with comments.

And the Top 10 for 2010 (rc1) is …

A1: Injection
A2: Cross Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Failure to Restrict URL Access
A8: Unvalidated Redirects and Forwards
A9: Insecure Cryptographic Storage
A10: Insufficient Transport Layer Protection

Thanks, Dave
Dave Wichers

OWASP Top 10 Lead
