15 February 2013

OWASP Top 10 - 2013 Release Candidate

A draft of the next edition of the OWASP Top 10 is available for review and comment.

The OWASP Top 10 - 2013 Release Candidate includes several changes compared with the current 2010 edition:

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly A3)
  • A3 Cross-Site Scripting (XSS) (was formerly A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly A6)
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
  • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
  • A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

OWASP plans to issue the final public release of the OWASP Top 10 - 2013 in April or May, after a public comment period ending on 30th March 2013. The methods for submitting comments are described on the first page of the draft document, and discussion is already under way on the OWASP Top Ten Project's mailing list.

Posted on: 15 February 2013 at 18:30 hrs


https://www.clerkendweller.uk/2013/2/15/OWASP-Top-10--2013-Release-Candidate
