
OWASP Top Ten Security Threats 2010

In case you don’t have them to hand:
Last updated on April 22, 2010, the OWASP Top 10 Web Application Security Risks for 2010 are:

  1. A1: Injection
  2. A2: Cross-Site Scripting (XSS)
  3. A3: Broken Authentication and Session Management
  4. A4: Insecure Direct Object References
  5. A5: Cross-Site Request Forgery (CSRF)
  6. A6: Security Misconfiguration
  7. A7: Insecure Cryptographic Storage
  8. A8: Failure to Restrict URL Access
  9. A9: Insufficient Transport Layer Protection
  10. A10: Unvalidated Redirects and Forwards

Implementing a consistent security approach and framework (like ESAPI) for input and output checking and validation covers 8 of the 10 issues identified above; the rest are typically configuration issues… You can also use a programming framework as a basis (like a Zend Framework implementation).
Contact us for a full presentation and a strategy for threat mitigation in your software application!