Security Management Strategies for the CIOAccess "OWASP Top 10 vulnerabilities list adds risk to equation"
This article is part of the May 2010 issue of How to watch over your data with effective database activity monitoring
The Open Web Application Security Project (OWASP) is hoping an overhaul of its top 10 vulnerabilities list will help enterprises more easily apply the list to their software development lifecycle. The organization changed the methodology it uses to categorize coding errors in the latest version of the Top 10 List issued in April, adding risk to the equation. "Wherever we rate a risk, we have a big question mark so that you can fill in your threat agent and your business impact," says Jeff Williams, volunteer chair of OWASP and a co-author of the OWASP Top 10. "You can rate these risks for yourself, for your application and for your organization." It's the first time in three years since the last major revision to the OWASP list. Ultimately, the change in methodology has resulted in ranking the 10 most critical Web application coding errors by risk rather than vulnerability frequency. Factoring in risk has bumped injection errors ahead of cross-site scripting (XSS) flaws. It also stirred some debate in the organization, according to Williams, because two ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
Database activity monitoring keeps watch over your data
by Adrian Lane, Contributor
Database activity monitoring can help with security and compliance by tracking everything going on in the database.
-
OWASP Top 10 vulnerabilities list adds risk to equation
OWASP Top 10 vulnerabilities list adds risk to methodology used to categorize coding errors.
-
Database activity monitoring keeps watch over your data
by Adrian Lane, Contributor
-
-
Microsoft Windows 7 security features
by Beth Quinlan
Microsoft Windows 7 security aims to improve security without the headaches of Vista.
-
The banking malware scourge
Criminals are using the Zeus banking Trojan and other malware to hijack online business banking accounts.
-
Microsoft Windows 7 security features
by Beth Quinlan
-
Columns
-
Four steps toward a plan for a career in information security
by Lee Kushner and Mike Murray
Having a long-term goal for a career in information security isn't enough. Here are four key steps for planning for a career in information security.
-
The real information security risk equation
by Ron Woerner
A simplified information security risk equation helps translate information security risk to users.
-
Cybersecurity bill lacks details
The Rockefeller-Snowe cybersecurity bill has potential but raises a lot of questions.
-
Four steps toward a plan for a career in information security
by Lee Kushner and Mike Murray
More Premium Content Accessible For Free
Compliance and risk modeling
E-Zine
You can fight compliance or embrace it, but one way or the other, you can’t escape it. Increasingly, smart organizations are not just accepting ...
Essentials: Threat detection
E-Zine
Antivirus and intrusion prevention aren’t the threat detection stalwarts they used to be. With mobile endpoints and new attack dynamics, enterprises ...
Managing identities in hybrid worlds
E-Zine
The world in which successful IAM programs must be implemented is increasingly complex, a mix of legacy on-premise IAM infrastructures, cloud-based ...