OWASP Top 10 2013
Posted by admin on Mar 11, 2013 in Security Blog
What is OWASP?
OWASP stands for the Open Web Application Security Project, an open community that produces free tools, documentation and methodologies for web application security, with contributions from industry, educational organisations and individuals around the world. Its aim is simple: give people a clear, useful set of tools and documents for understanding web application security so they can better protect themselves online. The OWASP Top 10 2013 has recently been published and is summarised below.
What is OWASP Top 10 2013?
The OWASP Top 10 is not a tally of attacks seen over a year. It ranks the ten most critical web application security risks, based on vulnerability data contributed to the project by application security firms and on the judgement of security experts and community contributors about each risk's prevalence, exploitability and impact. The 2013 edition reshuffles the 2010 list in three places: A9 (Using Components with Known Vulnerabilities) is new, A6 (Sensitive Data Exposure) merges the 2010 entries for insecure cryptographic storage and insufficient transport layer protection, and A7 (Missing Function Level Access Control) broadens the 2010 "Failure to Restrict URL Access" entry.
Current OWASP Top 10 2013
A1 – Injection
A2 – Broken Authentication and Session Management
A3 – Cross-Site Scripting (XSS)
A4 – Insecure Direct Object References
A5 – Security Misconfiguration
A6 – Sensitive Data Exposure
A7 – Missing Function Level Access Control
A8 – Cross-Site Request Forgery (CSRF)
A9 – Using Components with Known Vulnerabilities
A10 – Unvalidated Redirects and Forwards
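To make A1 concrete, here is an added example (not code from the original post or from OWASP): the same login check written first with string concatenation and then with a parameterised query, run against a constructed in-memory SQLite table. The table contents, the user name and the BYPASS payload are all made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data for the demo: one user with a known password.
    Passwords are stored in plaintext only to keep the injection demo short;
    real applications store a salted, slow hash (see A6 above)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """A1 Injection: attacker-controlled strings are spliced into the SQL text,
    so a quote in the input changes the structure of the query itself."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Same check with a parameterised query: the driver passes the values
    separately from the SQL grammar, so quotes in the input are just data."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


# Classic bypass payload: closes the password literal and appends an
# always-true clause. In the vulnerable version the WHERE clause becomes
#   username = 'alice' AND password = '' OR '1'='1'
# which, because AND binds tighter than OR, is true for every row.
BYPASS = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, real password:", login_vulnerable(conn, "alice", "correct horse battery"))
    print("vulnerable, bypass payload:", login_vulnerable(conn, "alice", BYPASS))
    print("safe, real password:      ", login_safe(conn, "alice", "correct horse battery"))
    print("safe, bypass payload:     ", login_safe(conn, "alice", BYPASS))
```

The parameterised version needs no escaping or input filtering to be safe, which is the point: the fix for injection is to keep data out of the query grammar, not to try to sanitise it on the way in.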
What does this mean for you?
The categories listed above account for the majority of common web application breaches. Here are some statistics that should make you think about getting a website security testing service from Security Audit Systems.
– An estimated 77 million user accounts were compromised by an external attacker in the 2011 breach of the Sony PlayStation Network.
– In 2008 an estimated $1 trillion worth of intellectual property was stolen, according to a McAfee report.
– A 6-character, lower-case-only password (26^6, roughly 309 million possibilities) can be brute-forced in around 10 minutes; the exact time depends on the hashing algorithm and the attacker's hardware, and an offline attack against an unsalted fast hash is far quicker still.
– 73% of all Americans have fallen victim to some form of cybercrime, according to a Symantec study.
– On average it takes 156 days before a computer or network compromise is even detected.
– 90% of businesses suffered some sort of computer hack in the last 12 months, according to a Ponemon Institute study conducted on behalf of Juniper Networks.