WebApp Sec mailing list archives
OWASP Top Ten 2004 Update Released
From: "Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>
Date: Tue, 27 Jan 2004 17:13:01 -0500
Hi,

This morning, the Open Web Application Security Project (OWASP) released its updated list of the 10 most critical web application security problems, marking the second year for this report. OWASP created this list to help organizations understand and improve the security of their web applications and web services.

The Top 10 list is organized around particular categories of vulnerabilities that frequently occur in Web applications. This year's revision includes a new category for web application denial of service vulnerabilities that have become increasingly prevalent in systems over the last year. Also, the list now aligns with the current draft web security definitions that will be incorporated in the soon-to-be-released OASIS WAS XML standard. Many minor improvements were made as well.

Recent application DOS attacks have locked users out of accounts, exhausted an application's database connections, and consumed all of an application's processing power. Exploiting these vulnerabilities, an attacker can target specific users or block all access to an application at will. The attacks do not require any special tools or expertise to launch, and have become a major risk for most web applications.

Download the standard from the OWASP Web site at http://www.owasp.org/documentation/topten. We would greatly appreciate a note if your organization is using the Top Ten internally. Questions or comments about the OWASP Top Ten can be sent to topten () owasp org.

Thanks,

--Jeff

Jeff Williams, CEO
Aspect Security
http://www.aspectsecurity.com