Premium Content

Access "OWASP Top 10 vulnerabilities list adds risk to equation"

Published: 19 Oct 2012
How to watch over your data with effective database activity monitoring

This article is part of the May 2010 issue of How to watch over your data with effective database activity monitoring

The Open Web Application Security Project (OWASP) is hoping an overhaul of its top 10 vulnerabilities list will help enterprises more easily apply the list to their software development lifecycle. The organization changed the methodology it uses to categorize coding errors in the latest version of the Top 10 List issued in April, adding risk to the equation. "Wherever we rate a risk, we have a big question mark so that you can fill in your threat agent and your business impact," says Jeff Williams, volunteer chair of OWASP and a co-author of the OWASP Top 10. "You can rate these risks for yourself, for your application and for your organization." It's the first time in three years since the last major revision to the OWASP list. Ultimately, the change in methodology has resulted in ranking the 10 most critical Web application coding errors by risk rather than vulnerability frequency. Factoring in risk has bumped injection errors ahead of cross-site scripting (XSS) flaws. It also stirred some debate in the organization, according to Williams, because two ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Already a member? Login to access this content.

What's Inside

Features

More Premium Content Accessible For Free

Back to top