OWASP Top 10 - 2010 rc1 Released!!
Authored by Dave Wichers - 11/13/2009
Today, I gave my presentation on the new Top 10 at the OWASP AppSec DC Conference and officially released the 2010 release candidate.
I have uploaded both the presentation and the Top 10 itself to the OWASP wiki. The presentation is in .pptx format, and the Top 10 is a PDF document.
They can both be found at the top of the Top 10 project page: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Since this is a release candidate, it is up for open comment until the end of the year. So, please review and provide me with comments.
And the Top 10 for 2010 (rc1) is …
• A2: Cross Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Failure to Restrict URL Access
• A8: Unvalidated Redirects and Forwards
• A9: Insecure Cryptographic Storage
• A10: Insufficient Transport Layer Protection
Thanks, Dave
Dave Wichers
OWASP Top 10 Lead