Vulnerable software threatens major sectors such as finance, defence, the service industry, IT, healthcare, energy generation and manufacturing, along with many other critical infrastructures. As the digital industry develops and becomes more complex, the difficulty of securing it increases manifold. It is therefore a huge risk to tolerate vulnerabilities that expose us to risk, or the simple security problems listed in the OWASP Top 10, and software development companies should consider these vulnerabilities while developing software and products.
OWASP is an open community dedicated to enabling organizations to develop, maintain and purchase applications that can be trusted. The objective of the OWASP Top 10 list is to raise awareness of application security by identifying some of the most important risks organizations face today. It gives IT companies the freedom to provide unbiased, cost-effective information about application security that is transparent enough to support valid decisions.
The OWASP Top 10 Vulnerabilities (2013) are as follows:
- A1 – Injection
- A2 – Cross-Site Scripting (XSS)
- A3 – Broken Authentication and Session Management
- A4 – Insecure Direct Object References
- A5 – Security Misconfiguration
- A6 – Sensitive Data Exposure
- A7 – Missing Function Level Access Control
- A8 – Cross-Site Request Forgery (CSRF)
- A9 – Using Known Vulnerable Components
- A10 – Integration with Dot Net Desktop Applications