OWASP Top Ten Security Threats 2010
In case you don’t have them to hand:
Last updated on April 22, 2010, the OWASP Top 10 Web Application Security Risks for 2010 are:
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards
Implementing a consistent security approach and framework (like ESAPI) for input and output checking and validation covers 8 of the 10 issues identified above; the rest are typically configuration issues… You can also build on a programming framework (like a Zend Framework implementation).
Contact us for a full presentation and a threat mitigation strategy for your software application!