From the OWASP website: I thought it was pertinent to post the OWASP Top Ten. We all know what they are, but there is some great information wrapped up in the descriptions. For the full write-up and a lot more useful information, visit the OWASP website HERE.
The OWASP Top 10 Web Application Security Risks for 2010 are:
– Code Injection
– Cross-Site Scripting (XSS)
– Broken Authentication and Session Management
– Insecure Direct Object References
– Cross-Site Request Forgery (CSRF)
– Security Misconfiguration
– Insecure Cryptographic Storage
– Failure to Restrict URL Access
– Insufficient Transport Layer Protection
– Unvalidated Redirects and Forwards
The full descriptions are well worth reading, and further down the page there are “factors” broken out into four headings. Again, there is more information on the OWASP website, but look at the four headings below. This is a really easy way to help you classify the severity of potential threats, and to help you assess your assumption of risk.
Threat factors – skill level, motive, opportunity, size
Vulnerability factors – ease of discovery, ease of exploit, awareness, IDS
Technical impact factors – loss of confidentiality, integrity, availability, accountability
Business impact factors – financial damage, reputation, non-compliance, privacy violation
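To show how the four headings above combine into a single severity, here is an added example (my own code, not from the OWASP page) that scores each factor 0 to 9 and follows the OWASP Risk Rating Methodology: likelihood is the average of the threat and vulnerability factors, impact is the average of the business factors (or the technical ones when business impact is unknown), and a 3x3 matrix turns the two bands into an overall severity. The scoring scale, band thresholds and matrix are assumptions this post does not spell out; the sample scores are constructed.

```python
# Factor names as listed in the post; each is scored 0-9 (higher = worse).
THREAT = ("skill_level", "motive", "opportunity", "size")
VULNERABILITY = ("ease_of_discovery", "ease_of_exploit", "awareness", "ids")
TECHNICAL = ("confidentiality", "integrity", "availability", "accountability")
BUSINESS = ("financial_damage", "reputation", "non_compliance", "privacy_violation")

# OWASP Risk Rating matrix: (likelihood band, impact band) -> overall severity.
SEVERITY = {
    ("LOW", "LOW"): "Note", ("MEDIUM", "LOW"): "Low", ("HIGH", "LOW"): "Medium",
    ("LOW", "MEDIUM"): "Low", ("MEDIUM", "MEDIUM"): "Medium", ("HIGH", "MEDIUM"): "High",
    ("LOW", "HIGH"): "Medium", ("MEDIUM", "HIGH"): "High", ("HIGH", "HIGH"): "Critical",
}


def level(score: float) -> str:
    """Map an averaged 0-9 score to the LOW (<3) / MEDIUM (<6) / HIGH bands."""
    if not 0 <= score <= 9:
        raise ValueError(f"score out of range: {score}")
    if score < 3:
        return "LOW"
    return "MEDIUM" if score < 6 else "HIGH"


def _average(scores: dict, names: tuple) -> float:
    missing = [n for n in names if n not in scores]
    if missing:
        raise KeyError(f"missing factor scores: {missing}")
    return sum(scores[n] for n in names) / len(names)


def rate_risk(scores: dict, use_business_impact: bool = True) -> dict:
    """Combine the four factor groups into likelihood, impact and severity."""
    likelihood = _average(scores, THREAT + VULNERABILITY)
    impact = _average(scores, BUSINESS if use_business_impact else TECHNICAL)
    return {
        "likelihood": round(likelihood, 2),
        "impact": round(impact, 2),
        "severity": SEVERITY[(level(likelihood), level(impact))],
    }


# Constructed sample: a reflected XSS on an internet-facing login page.
SAMPLE_XSS = {
    "skill_level": 6, "motive": 4, "opportunity": 9, "size": 9,
    "ease_of_discovery": 7, "ease_of_exploit": 5, "awareness": 6, "ids": 8,
    "confidentiality": 6, "integrity": 3, "availability": 1, "accountability": 7,
    "financial_damage": 3, "reputation": 5, "non_compliance": 5, "privacy_violation": 7,
}

if __name__ == "__main__":
    print(rate_risk(SAMPLE_XSS))  # {'likelihood': 6.75, 'impact': 5.0, 'severity': 'High'}
```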
…worth sharing, I thought!