The OWASP Top 10 has been updated. The PDF version is way at the bottom. Top lists of anything are tough because you have to draw lines and qualifications somewhere. I like that the authors mention some items they left out such as input validations and buffer overflows, but I’m a little concerned that those should still have been included. I guess I am not yet satisfied with why they left them out.
Then again, I have yet to give this a deeper read and maybe am just distilling the information a little slowly yet. Overall, love the OWASP stuff and this top 10 is excellent. Got linked to this from Jeremiah.
2 thoughts on “owasp top 10 for 2007”
Wait for the Guide 3.0… OWASP Top Ten 2007 just kicks off all the other OWASP project iterations.
The Top Ten is merely to gather interest and target areas where research and time can be spent. It's like a mindmap if you think like an engineer, or a landing site if you think like a marketer.
That makes perfect sense! Now I agree! 🙂