From: Jeff Williams @ Aspect (@)
Date: Tue Jan 27 2004 - 13:35:35 EST
Hi,
This morning, the Open Web Application Security Project (OWASP) released its
updated list of the 10 most critical web application security problems,
marking the second year for this report. OWASP created this list to help
organizations understand and improve the security of their web applications
and web services.
The Top 10 list is organized around particular categories of vulnerabilities
that frequently occur in Web applications. This year's revision includes a
new category for web application denial of service vulnerabilities that have
become increasingly prevalent in systems over the last year. Also, the list
now aligns with the current draft web security definitions that will be
incorporated in the soon-to-be-released OASIS WAS XML standard. Many minor
improvements were made as well.
Recent application DOS attacks have locked users out of accounts, exhausted
an application's database connections, and consumed all of an application's
processing power. Exploiting these vulnerabilities, an attacker can target
specific users or block all access to an application at will. The attacks do
not require any special tools or expertise to launch, and have become a
major risk for most web applications.
Download the standard from the OWASP Web site at
http://www.owasp.org/documentation/topten. We would greatly appreciate a
note if your organization is using the Top Ten internally.
Questions or comments about the OWASP Top Ten can be sent to
topten@owasp.org.
Thanks,
--Jeff
Jeff Williams, CEO
Aspect Security
http://www.aspectsecurity.com
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:46 EDT