Software Security/OWASP Top Ten


OWASP Top Ten

We should try to make sure that collectively the various groups cover the [OWASP Top 10]. Given that we used the Application Security Verification Standard (ASVS), also by OWASP, to divide the work, this should be guaranteed, but it doesn't hurt to check. Also, we should prevent overlap between the groups.

In the list below, mark which things your group looks at. Also, if for some issue it's not clear who looks at it, please make this explicit so we can synchronize between groups.

Top Ten (2010 edition)

  • A1: Injection
  • A2: Cross-Site Scripting (XSS)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References
  • A5: Cross-Site Request Forgery (CSRF)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards
Earlier versions also included

  • Malicious File Execution
  • Information Leakage and Improper Error Handling