OWASP’s new list features the most exploitable and likely security risks found in these apps. OWASP reworked the list to provide developers with more of a reality check and understanding of the real threats. New to the list are security misconfiguration and unvalidated redirects and forwards, all of which are prevalent today. Web redirects typically steer users to other pages and sites, and when the data for the destination pages isn’t properly validated, users can be redirected to phishing or malware sites by attackers.
The OWASP Top 10 report also includes how to assess the possibility that your Web application could be at risk of these types of Web attacks, as well as mitigation tips.
The OWASP Top 10 list for 2010 comprises:
2. cross-site scripting (XSS)
3. broken authentication and session management
4. insecure direct object references
5. cross-site request forgery (CSRF)
6. security misconfiguration
7. insecure cryptographic storage
8. failure to restrict URL access
9. insufficient transport layer protection
10. unvalidated redirects and forwards