OWASP Top 10 2007 nearly done

Written by

This edition’s headings:

A1. Cross-site scripting
A2. Injections
A3. Insecure Remote File Include
A4. Insecure direct object reference
A5. Cross-site request forgeries
A6. Information leakage and improper error handling
A7. Malformed input
A8. Broken authorization
A9. Insecure cryptography and communication
A10. Privilege escalation

Note what’s missing? Note what’s new?

If you want to review it, please mail me. We are putting it out to at least a month’s peer review, including previous users such as PCI and SANS, as well as folks who had no particular love for the old 2004 edition.

Unlike 2004’s edition, updating the Top 10 will become a yearly event. With some luck, we will be releasing it each and every January.

Comments

One response to “OWASP Top 10 2007 nearly done”

January 22, 2007

Ravbarji in Å¾andarji » Blog Archive » OWASP Top 10 varnostnih slabosti web aplikacij

[…] Kar nekaj Äasa je minilo (leto 2004) od prve objave OWASP ( Open Web Application Security Project ) Top 10 varnostnih slabosti. Prihaja nova razliÄica za leto 2007. Kratek povzetek: […]

OWASP Top 10 2007 nearly done

Comments

One response to “OWASP Top 10 2007 nearly done”

Leave a Reply

More posts

WordPress updated

Privacy Policy

Keeping work papers

Porting Freemint to ARM – Retro Challenge RC2017/10