Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Sunday, June 16, 2013

OWASP PUBLISHED 2013 TOP 10 VULNERABILITIES

The Open Web Application Security Project (OWASP) have published the top 10 most dangerous vulnerabilities in web-applications for 2013. This release comes to raise awareness about application security by identifying some of the most critical risks facing organizations. Injection flaws, such as SQL, OS, and LDAP injection remains the top security vulnerability for web application. This widely used bug allows attacker’s hostile data to trick the interpreter into executing unintended commands or accessing data without proper authorization.





The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in application security, including 4 consulting companies and 3 tool/SaaS vendors (1 static, 1 dynamic, and 1 with both). The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact estimates.


Looking at the XSS flaws last year was ranked at the second place now it is in the third in the top. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.



Link: http://www.sectechno.com/2013/06/15/owasp-published-2013-top-10-vulnerabilities/

Posted on 06/16
MalwareTrendsPermalink