Monday, April 19, 2010

OWASP Top 10 for 2010 Released

The Open Web Application Security Project (OWASP) has updated its Top 10 list of web application vulnerabilities. The document can be downloaded from the OWASP site. From the website:

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2010 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

PCI requires that if you develop custom code for payment applications, the code must be assessed against the vulnerabilities in this list. So if you have developers, make sure they get the word about this update.
