owasp top 10 for 2007

The OWASP Top 10 has been updated. The PDF version is way at the bottom. Top lists of anything are tough because you have to draw lines and qualifications somewhere. I like that the authors mention some items they left out such as input validations and buffer overflows, but I’m a little concerned that those should still have been included. I guess I am not yet satisfied with why they left them out.

Then again, I have yet to give this a deeper read and maybe am just distilling the information a little slowly yet. Overall, love the OWASP stuff and this top 10 is excellent. Got linked to this from Jeremiah.


2 thoughts on “owasp top 10 for 2007”

  1. wait for the Guide 3.0… owasp top ten 2007 just kicks off all the other owasp project iterations
    the top ten is merely to gather interest and target areas where research and time can be spent. it’s like a mindmap if you think like an engineer. or a landing site if you think like a marketer
