Friday, November 13, 2009

OWASP Top 10 (2010 release candidate 1)

The newest version of the OWASP Top 10, the Top 10 Most Critical Web Application Security Risks, has been made available as a release candidate! This project is extraordinarily meaningful to the application security industry as it exercises influence over PCI-DSS, global policy, developer awareness, and product direction. Notable changes were made from the 2007 version to assist organizations in visualizing, understanding, and solving these issues. Now is the time for the application security community to send in their feedback to make the list the best we possibly can by the end of the year when it will be ratified.

Download: presentation (ppt) and the complete document (pdf)

"Welcome to the OWASP Top 10 2010! This significant update presents a more concise, risk focused list of the Top 10 Most Critical Web Application Security Risks. The OWASP Top 10 has always been about risk, but this update makes this much more clear than previous editions, and provides additional information on how to assess these risks for your applications.


For each top 10 item, this release discusses the general likelihood and consequence factors that are used to categorize the typical severity of the risk, and then presents guidance on how to verify whether you have this problem, how to avoid this problem, some example flaws in that area, and pointers to links with more information.


The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic methods to protect against these high risk problem areas – a great start to your secure coding security program."



6 comments:

Tom Brennan said...

Updated PRESO @ http://www.owasp.org/images/a/a1/AppSec_DC_2009_-_OWASP_Top_10_-_2010_rc1.pptx

kkll2 said...

Please distribute files in open formats.

Anonymous said...

As kkll2 suggests, for an open standards organization, it's surprising you'd consider using PPTX files for distributing content. What's wrong with a text document, or worst case, a PDF?

Aaron

Dave Wichers said...

We would be happy to provide the final version of the Top 10 in multiple open formats. The current version was released in PDF. The OWASP presentations are usually released as powerpoints so people can use and edit these presentations to make their own. If they are released in PDF only, then they are harder to mix/remix/etc. for other purposes.

-Dave Wichers (Top 10 project lead)

hypatia said...

@Dave: I expect that kkll2 was suggesting OpenOffice ODF format, which is supported in Office 2007 with a plugin rather than PDF as an "open format" :)

-Leigh

Смотреть фильмы без смс said...

As always wonderful. Added to bookmarks.