{"id":2300,"date":"2013-06-16T00:00:00","date_gmt":"2013-06-16T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/06\/16\/owasp-published-2013-top-10-vulnerabilities\/"},"modified":"2021-12-30T11:41:02","modified_gmt":"2021-12-30T11:41:02","slug":"owasp-published-2013-top-10-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2013\/06\/16\/owasp-published-2013-top-10-vulnerabilities\/","title":{"rendered":"OWASP PUBLISHED 2013 TOP 10 VULNERABILITIES"},"content":{"rendered":"<p style=\"margin: 0px;\">The Open Web Application Security Project (OWASP) has published its list of the top 10 most dangerous vulnerabilities in web applications for 2013. The release aims to raise awareness of application security by identifying some of the most critical risks facing organizations. Injection flaws, such as SQL, OS, and LDAP injection, remain the top security vulnerability for web applications. This widely exploited flaw lets an attacker\u2019s hostile data trick the interpreter into executing unintended commands or accessing data without proper authorization.<\/p>\n","protected":false},"excerpt":{"rendered":"<p style=\"margin: 0px;\"><\/p>\n<p style=\"margin: 0px;\">The OWASP Top 10 for 2013 is based on 8 datasets from 7 firms that specialize in application security, including 4 consulting companies and 3 tool\/SaaS vendors (1 static, 1 dynamic, and 1 with both). The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact.<\/p>\n<p style=\"margin: 0px; min-height: 14px;\"><\/p>\n<p style=\"margin: 0px;\">XSS flaws, which were ranked second last year, are now in third place. 
XSS allows attackers to execute scripts in the victim\u2019s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.<\/p>\n<p>\nLink: <a href=\"http:\/\/www.sectechno.com\/2013\/06\/15\/owasp-published-2013-top-10-vulnerabilities\/\">http:\/\/www.sectechno.com\/2013\/06\/15\/owasp-published-2013-top-10-vulnerabilities\/<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,11],"tags":[],"class_list":["post-2300","post","type-post","status-publish","format-standard","hentry","category-malware","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2300"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2300\/revisions"}],"predecessor-version":[{"id":4787,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2300\/revisions\/4787"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/i
ndex.php\/wp-json\/wp\/v2\/tags?post=2300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}