Call us:    +44 (0) 207 0439 349        Company      Contact us

OWASP Top 10 2013

Posted by on Mar 11, 2013 in Security BlogNo comments

What is OWASP?

OWASP stands for Open Web Applications Security Project, and is an open-source collaboration of web based security tools, technologies and methodologies from industry leaders, educational organisations and individuals from around the world. The aim of OWASP is simple; help people with a useful and clear resource of tools and documents to help understand web application security to better protect themselves online. The OWASP Top 10 2013 has recently been published and is summarized below.

What is OWASP Top 10 2013?

OWASP collects data from successful web application attacks and uses this data to produce the OWASP Top 10 2013 statistics. The OWASP Top 10 2013 refers to the top 10 web attacks as seen over the year by security experts, and community contributors to the project. This year shows a few additions to what OWASP top 10 had in previous years, including A6, A7 and A9.

Current OWASP Top 10 2013

A1 – Injection (ref)

A2 – Broken Authentication / Session Management (ref)

A3 – Cross site scripting (XSS) (ref)

A4 – Insecure Direct Object References (ref)

A5 – Security Misconfiguration (ref)

A6 – Sensitive Data Exposure (ref)

A7 – Missing Function Level Access Control (ref)

A8 – Cross Site Request Forgery (ref)

A9 – Using Components with known vulnerabilities (ref)

A10 – Unvalidated Redirects and Forwards (ref)

What does this mean for you?

The vulnerabilities listed above account for the majority of common web application security breaches. Here are some statistics that should make you think a little about getting a website security testing service from Security Audit Systems.

– Estimated 77 million user accounts compromised by an external hacker on the Sony Playstation Network.

– In 2008 there was $1 trillion dollars worth of intellectual property stolen according to a Mcafee report.

– It takes 10 minutes to crack a 6 character, lower case password, with no numbers or symbols.

–  73% of all Americans have fallen victim to some form of cybercrime according to a Symantec study.

– On average it takes 156 days before a computer or network compromise is even detected.

– 90% of businesses suffered some sort of computer hack in the last 12 months according to a study by Research Ponemon on behalf of Juniper Networks.

 

We offer OWASP Security Testing and it is part of our website penetration test, please contact us for a free quotation.

Registered Memberships and Partners:

OWASP - Open Web Applications Security Project
ISSA UK - Information Systems Security Association UK
NIST - Computer Security Division of NIST
UKITA - UK Information Technology Association
ISF - Information Security Forum
ISACA - Information Security Audit & Control Association

  • Latest Tweets

    • Britain's security has been threatened by 188 high-level cyber attacks in the last three months, according to a government security chief.

    • Libraries across the city of St Louis are gradually regaining control of their computer systems, following a malware attack on 17 Libraries.

This website uses cookies to improve user experience. By using our website you consent to all cookies issued by this website.
I agree Disagree