OWASP Top10 2010 Released!
A couple of weeks ago, OWASP (the Open Web Application Security Project) published the new version of its most widely known project: the OWASP Top 10. This is the third edition of the project, which lists the ten most critical security risks found in web applications.
Compared with the previous edition from 2007, the list has not changed much: injection flaws (e.g. SQL injection, OS command injection) and Cross-Site Scripting again occupy the top two positions. The visible changes are the renumbering of several items, two new categories (Security Misconfiguration, and Unvalidated Redirects and Forwards) and the removal of two 2007 categories (Malicious File Execution, and Information Leakage and Improper Error Handling). Please see the comparative table below:
OWASP Top 10 – 2007 | OWASP Top 10 – 2010 (New)
--------------------------------------------------------- | ---------------------------------------------------------
A2 – Injection Flaws | A1 – Injection
A1 – Cross Site Scripting (XSS) | A2 – Cross-Site Scripting (XSS)
A7 – Broken Authentication and Session Management | A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object Reference | A4 – Insecure Direct Object Reference
A5 – Cross Site Request Forgery (CSRF) | A5 – Cross-Site Request Forgery (CSRF)
(was Top 10 2004 A10 – Insecure Configuration Management) | A6 – Security Misconfiguration (New)
A8 – Insecure Cryptographic Storage | A7 – Insecure Cryptographic Storage
A10 – Failure to Restrict URL Access | A8 – Failure to Restrict URL Access
A9 – Insecure Communications | A9 – Insufficient Transport Layer Protection
(not present in Top 10 2007) | A10 – Unvalidated Redirects and Forwards (New)
A3 – Malicious File Execution | (removed from Top 10 2010)
A6 – Information Leakage and Improper Error Handling | (removed from Top 10 2010)
OWASP is a non-profit organization created in 2003 with the mission of making application security visible, so that individuals and organizations can make well-informed decisions about real application security risks. Bearing in mind that attacks have shifted toward the application layer (rather than the network layer, as was the case five years ago), it is of the utmost importance that enterprises of all sizes, whether they run internally or externally developed systems, get to know the risks present in web applications.
The full document in English is available HERE; a Portuguese version, translated jointly by the OWASP Brazil and OWASP Portugal communities, will be released soon.
N-Stalker's solution can test your environment against the vulnerability classes listed in the Top 10 2010. Contact us!