Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

OWASP Top Ten for 2004

Wednesday, February 4, 2004

 .NET  ASP.NET  Database Development  Security  Web Services 

Last night, we discussed many issues that relate to secure coding, and in particular I showed examples that come from web application development. The Open Web Application Security Project (OWASP) group published its 2004 list of Top 10 issues last Friday. These are the most relevant issues, and should, at a minimum, be addressed by any web application developer in creating secure web sites.

By way of Dana Epp's blog post:   

Funny thing is, many of these issues fall in the same vein as standalone application security. We can learn something from that. Education is key... no matter what the platform.

Anyways, here are the OWASP Top Ten:

  1. Unvalidated Input
  2. Broken Access Control
  3. Broken Authentication and Session Management
  4. Cross Site Scripting (XSS) Flaws
  5. Buffer Overflows
  6. Injection Flaws
  7. Improper Error Handling
  8. Insecure Storage
  9. Denial of Service
  10. Insecure Configuration Management