January 14, 2003

Top 10 Web App Security Flaws

OWASP has released a report on The Top Vulnerabilities in Web Applications.

They are:
1. Unvalidated Parameters.
2. Broken Access Control.
3. Broken Account and Session Management.
4. Cross-Site Scripting Flaws.
5. Buffer Overflows.
6. Command Injection Flaws.
7. Error Handling Problems.
8. Insecure Use of Cryptography.
9. Remote Administration Flaws.
10. Web and Application Server Misconfiguration.

I wouldn’t put number 8 (Insecure use of Cryptography) as high as they did. I don’t know if I would put that in the top 10. I would have to be thoroughly convinced (or shown) otherwise. But other than that, I pretty much agree with them. I’m still reading the report, but it’s good stuff.

Post Info

Tagged As Coding

Posted at 12:00 PM

Tony Stephens
Copyright © 1995-2005
Licensed:
Creative Commons