Last night, we discussed many issues that relate to secure coding, and in particular I showed examples that come from web application development. The Open Web Application Security Project (OWASP) group published its 2004 list of Top 10 issues last Friday. These are the most relevant issues, and should, at a minimum, be addressed by any web application developer in creating secure web sites.
Funny thing is, many of these issues fall in the same vein as standalone application security. We can learn something from that. Education is key... no matter what the platform.
Anyways, here are the OWASP Top Ten:
- Unvalidated Input
- Broken Access Control
- Broken Authentication and Session Management
- Cross Site Scripting (XSS) Flaws
- Buffer Overflows
- Injection Flaws
- Improper Error Handling
- Insecure Storage
- Denial of Service
- Insecure Configuration Management