Monday, February 2, 2004

This came through some time ago on the WebAppSec listserv:

".... the Open Web Application Security Project (OWASP) released its updated list of the 10 most critical web application security problems, marking the second year for this report. OWASP created this list to help organizations understand and improve the security of their web applications and web services.

The Top 10 list is organized around particular categories of vulnerabilities that frequently occur in Web applications. This year's revision includes a new category for web application denial of service vulnerabilities that have become increasingly prevalent in systems over the last year. Also, the list now aligns with the current draft web security definitions that will be incorporated in the soon-to-be-released OASIS WAS XML standard. Many minor improvements were made as well.

Recent application DOS attacks have locked users out of accounts, exhausted an application's database connections, and consumed all of an application's processing power. Exploiting these vulnerabilities, an attacker can target specific users or block all access to an application at will. The attacks do not require any special tools or expertise to launch, and have become a major risk for most web applications."

Download the standard from the OWASP Web site at


Tags:: Security
2/2/2004 10:14 PM Eastern Standard Time