Published On: Thursday, 13 June 2013
Posted by Unknown
OWASP Top 10 2013 Officially Released
The Open Web Application Security Project (OWASP) has officially released the OWASP Top 10 for 2013. The previous OWASP Top 10 was released back in 2010.
Take a look at the new OWASP Top 10:
A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Known Vulnerable Components
A10 Unvalidated Redirects and Forwards
Compared with the 2010 list, several entries have moved. For instance, XSS was formerly A2 and Security Misconfiguration was formerly A6. CSRF was formerly A5, but it has now dropped to A8.
Insecure Cryptographic Storage (A7-2010) and Insufficient Transport Layer Protection (A9-2010) have been merged into the new A6, Sensitive Data Exposure. Failure to Restrict URL Access has been renamed and broadened to become Missing Function Level Access Control (A7-2013).
Finally, A9 Using Known Vulnerable Components is a new entry in the 2013 list, although the issue was previously covered as part of Security Misconfiguration in the 2010 Top 10.