I've recently come across the OWASP (The Open Web Application Security Project) and it's really opened up my eyes. http://www.owasp.org/index.php/Main_Page

According to their website:
"Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license."

The thing that interests me is that they've compiled a list of top 10 security risks focusing on web applications. Most developers have heard of some of the vulnerabilities that are listed, but few really understand them and fewer "code to the doc". The document details, implications and ways of avoiding the pitfalls. I believe that all developers should be well versed with this document or at least these concepts. This way, the chances of an application and/or data being compromised will be largely negated. Security is never a yes/no question, but I this is an excellent starting point.

Here's a list of the top 10 vulnerabilities:
  • A1: Injection (read more)
  • A2: Cross-Site Scripting (XSS) (read more)
  • A3: Broken Authentication and Session Management
  • A4: Insecure Direct Object References (read more)
  • A5: Cross-Site Request Forgery (CSRF) (read more)
  • A6: Security Misconfiguration
  • A7: Insecure Cryptographic Storage (read more)
  • A8: Failure to Restrict URL Access
  • A9: Insufficient Transport Layer Protection
  • A10: Unvalidated Redirects and Forwards
Here's a link to the doc:
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf
On the website, there are also a number of tools and API's to ensure that your app is safe - So....now there's no excuses for someone compromising your systems! (or your visitors')

0 comments


Twitter Delicious Facebook Digg Stumbleupon Favorites More