Thursday, March 31, 2011

Security Attacks - OWASP Top 10

I was looking into cross site scripting for security testing. Look at OWASP top 10 attacks for year 2010, 2007, 2004. Few items have gone up or down, added and removed.

Year 2010 - Top 10

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Broken Authentication and Session Management
  4. Insecure Direct Object References
  5. Cross-Site Request Forgery (CSRF)
  6. Security Misconfiguration
  7. Insecure Cryptographic Storage
  8. Failure to Restrict URL Access
  9. Insufficient Transport Layer Protection
  10. Unvalidated Redirects and Forwards

Year 2007 - Top 10
  1. Cross Site Scripting (XSS)
  2. Injection Flaws
  3. Malicious File Execution
  4. Insecure Direct Object Reference
  5. Cross Site Request Forgery (CSRF)
  6. Information Leakage and Improper Error Handling
  7. Broken Authentication and Session Management
  8. Insecure Cryptographic Storage
  9. Insecure Communications
  10. Failure to Restrict URL Access

Year 2004 - Top 10
  1. Unvalidated Input
  2. Broken Access Control
  3. Broken Account and Session Management
  4. Cross Site Scripting (XSS) Flaws
  5. Buffer Overflows
  6. Injection Flaws
  7. Improper Error Handling
  8. Insecure Storage
  9. Denial of Service
  10. Insecure configuration management