OWASP Top 10 2007 nearly done

This edition’s headings:

A1. Cross-site scripting
A2. Injections
A3. Insecure Remote File Include
A4. Insecure direct object reference
A5. Cross-site request forgeries
A6. Information leakage and improper error handling
A7. Malformed input
A8. Broken authorization
A9. Insecure cryptography and communication
A10. Privilege escalation

Note what’s missing? Note what’s new? 😉

If you want to review it, please mail me. We are putting it out to at least a month’s peer review, including previous users such as PCI and SANS, as well as folks who had no particular love for the old 2004 edition.

Unlike 2004’s edition, updating the Top 10 will become a yearly event. With some luck, we will be releasing it each and every January.

Comments

One response to “OWASP Top 10 2007 nearly done”

  1. […] Quite some time has passed (2004) since the first publication of the OWASP (Open Web Application Security Project) Top 10 security weaknesses. A new version for 2007 is coming. A short summary: […]
