Home page logo

pen-test logo Penetration Testing mailing list archives

OWASP Top Ten 2004 Update Released
From: "Jeff Williams @ Aspect" <jeff.williams () aspectsecurity com>
Date: Tue, 27 Jan 2004 13:35:35 -0500


This morning, the Open Web Application Security Project (OWASP) released its
updated list of the 10 most critical web application security problems,
marking the second year for this report. OWASP created this list to help
organizations understand and improve the security of their web applications
and web services.

The Top 10 list is organized around particular categories of vulnerabilities
that frequently occur in Web applications.  This year's revision includes a
new category for web application denial of service vulnerabilities that have
become increasingly prevalent in systems over the last year.  Also, the list
now aligns with the current draft web security definitions that will be
incorporated in the soon-to-be-released OASIS WAS XML standard. Many minor
improvements were made as well.

Recent application DOS attacks have locked users out of accounts, exhausted
an application's database connections, and consumed all of an application's
processing power. Exploiting these vulnerabilities, an attacker can target
specific users or block all access to an application at will. The attacks do
not require any special tools or expertise to launch, and have become a
major risk for most web applications.

Download the standard from the OWASP Web site at
http://www.owasp.org/documentation/topten.  We would greatly appreciate a
note if your organization is using the Top Ten internally.

Questions or comments about the OWASP Top Ten can be sent to
topten () owasp org 



Jeff Williams, CEO
Aspect Security


  By Date           By Thread  

Current thread:
  • OWASP Top Ten 2004 Update Released Jeff Williams @ Aspect (Jan 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]