Quality Time: web application security risks

Quality Time is a Futurice awareness campaign to improve knowledge related to testing. Follow Quality Time at http://blog.futurice.com or in any Futurice rest room.
The top 10 web application security risks for 2010, according to OWASP, are:
A1 – Injection
A2 – Cross Site Scripting (XSS)
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References
A5 – Cross Site Request Forgery (CSRF)
A6 – Security Misconfiguration (NEW)
A7 – Failure to Restrict URL Access
A8 – Unvalidated Redirects and Forwards (NEW)
A9 – Insecure Cryptographic Storage
A10 – Insufficient Transport Layer Protection
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. At OWASP you’ll find free and open…
• Application security tools and standards
• Complete books on application security testing, secure code development, and security code review
• Standard security controls and libraries
• Local chapters worldwide
• Cutting edge research
• Extensive conferences worldwide
• Mailing lists
• And more
All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem, because the most effective approaches to application security include improvements in all of these areas. We can be found at http://www.owasp.org.
-Peter Tennekes