The OWASP Top 10 Web Application Security Risks for 2010 are:

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards