Take a look at the changes compared to the 2010 Top 10

Jun 13, 2013 13:15 GMT  ·  By

The Open Web Application Security Project (OWASP) has officially released the OWASP Top 10 for 2013. The previous OWASP Top 10 was released back in 2010.

Take a look at the new OWASP Top 10:

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Known Vulnerable Components
A10 Unvalidated Redirects and Forwards

Compared to the previous list, several entries have moved. For instance, XSS was formerly A2 and is now A3, while Security Misconfiguration was formerly A6 and is now A5. CSRF was formerly A5, but it has now dropped to A8.

Insecure Cryptographic Storage (A7-2010) and Insufficient Transport Layer Protection (A9-2010) from the OWASP Top 10 2010 have been merged into the current A6, Sensitive Data Exposure. Failure to Restrict URL Access has been renamed and broadened to become Missing Function Level Access Control (A7-2013).

Finally, A9 (Using Known Vulnerable Components) is a new entry in the current list, although the issue was previously covered under Security Misconfiguration in the 2010 Top 10.

The OWASP Top 10 2013 is available here in PDF format.