
OWASP Top 10 for 2010


UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Apr 21, 2010 2:13 pm

OWASP Top 10 for 2010

OWASP released their Top 10 for 2010 a few days ago.

A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards


More here.

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Apr 22, 2010 4:30 am

Re: OWASP Top 10 for 2010

And (SQL) injection is back on top! OWASP has some good information and tools. There are tons of projects that people haven't even heard of and they keep doing great things.

Thanks awesec!
CISSP, CEH, ECSA, OSCP, OSWP

Earning my stripes appears to be a road I must travel alone... with a little help of EH.net

Anquilas

Full Member

Posts: 169

Joined: Fri Mar 19, 2010 7:50 am

Location: Belgium

Post Thu Apr 22, 2010 6:24 am

Re: OWASP Top 10 for 2010

Indeed! Going to my first OWASP chapter meeting in a month, looking forward to it.
Knowing every item on this top 10 list is high on my priorities :-)
Twitter: https://twitter.com/dietervds
Blog: https://synquell.wordpress.com (not much there yet)

The beginning of knowledge is the discovery of something we do not understand.

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Apr 22, 2010 7:57 pm

Re: OWASP Top 10 for 2010

Yep, SQLi is still every bit as powerful as it has been.
~~~~~~~~~~~~~~
Ketchup
