January 15, 2003 — (WEB HOST INDUSTRY REVIEW) — The Open Web Application Security Project (OWASP), an open source community project, said this week that it had released its ranking of the 10 most critical Web application security problems for government and private sector implementations.
The report says the 10 vulnerabilities are surprisingly common and can be exploited easily by unsophisticated attackers with widely available tools. According to OWASP, Web applications deployed by organizations invite HTTP requests, and attacks buried in those requests can bypass firewalls, filters, IDS and other security measures, making Web application code an important part of the security perimeter.
According to the report, many of the vulnerabilities in the top 10 have been well known for years but, for some reason, are still frequently overlooked in the deployment of major Web development projects, jeopardizing security.
Included in the list of critical vulnerabilities are: unvalidated parameters; broken access control; broken account and session management; cross-site scripting flaws; buffer overflows; command injection flaws; error handling problems; insecure use of cryptography; remote administration flaws; and Web and application server misconfiguration.











