The OWASP Top 10 Web Application Security Risks for 2010 are:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards