OWASP Top 10 2010 (Candidate 1) released!

The release candidate for the OWASP Top Ten for 2010 has been officially released at the OWASP AppSec DC Conference today (Nov 13, 2009). This document is now up for open comment until Dec 31, 2009. The document will be updated and released with a final version in early 2010, hopefully January.

The new additions are:
  • Security Misconfiguration
  • Unvalidated Redirects and Forwards: I was expecting that this might be included in the OWASP Top 10 at some point, because last year I detected many open redirections on various reputed sites. Even after I reported them, the sites were not paying much attention. I think they can now think about it, as it has made a place in the Top 10.
But to my surprise they have excluded Information Leakage from the list, which I think is more prevalent than SSL issues.

More information on:

