2013 OWASP Top 10 Released
On June 12, 2013, the Open Web Application Security Project (OWASP) released the 2013 edition of its Top 10, the list of the most critical web application security risks facing developers. It is the first major update since the 2010 edition, which has since been widely integrated into web application testing frameworks and methodologies.
The OWASP Top 10 - 2013 is as follows:
- A1 - Injection (unchanged from 2010-A1)
- A2 - Broken Authentication and Session Management (was formerly 2010-A3)
- A3 - Cross-Site Scripting (XSS) (was formerly 2010-A2)
- A4 - Insecure Direct Object References (unchanged from 2010-A4)
- A5 - Security Misconfiguration (was formerly 2010-A6)
- A6 - Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
- A7 - Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
- A8 - Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
- A9 - Using Known Vulnerable Components (new as a standalone category; previously folded into 2010-A6 Security Misconfiguration)
- A10 - Unvalidated Redirects and Forwards (unchanged from 2010-A10)
For more information, head over to the OWASP Top 10 project page.