OWASP Top Ten Security Threats 2010

In case you don’t have them to hand:
Last updated on April 22, 2010, the OWASP Top 10 Web Application Security Risks for 2010 are:

1. A1: Injection
2. A2: Cross-Site Scripting (XSS)
3. A3: Broken Authentication and Session Management
4. A4: Insecure Direct Object References
5. A5: Cross-Site Request Forgery (CSRF)
6. A6: Security Misconfiguration
7. A7: Insecure Cryptographic Storage
8. A8: Failure to Restrict URL Access
9. A9: Insufficient Transport Layer Protection
10. A10: Unvalidated Redirects and Forwards

Implementation of consistent security approach and framework (like ESAPI) for input and output checking and validation covers 8 of the 10 issues identified above; the rest are typically configuration issues… You can also use a programing framework basis (like a Zend Framework implementation).
Contact us for a full presentation and strategy to threat mitigation in your software application!