Top 10 2010 - Revision history

T.Gigler: Moved note to TopTemplate -> it is displayed on each page

2018-02-04T11:50:15Z

Moved note to TopTemplate -> it is displayed on each page

T.Gigler: Moved not to TopTemplate -> it is displayed on each page

2018-02-04T11:48:55Z

Moved not to TopTemplate -> it is displayed on each page

Wichers at 21:20, 3 July 2013

2013-07-03T21:20:44Z

Varun V Nair: Changed incorrect spelling "Forward" to correct spelling "Foreword"

2012-03-03T22:07:24Z

Changed incorrect spelling "Forward" to correct spelling "Foreword"

Wichers at 00:49, 14 October 2010

2010-10-14T00:49:16Z

Neil Smithline at 20:26, 13 October 2010

2010-10-13T20:26:52Z

Jeff Williams at 16:14, 10 June 2010

2010-06-10T16:14:00Z

Neil Smithline at 03:11, 29 April 2010

2010-04-29T03:11:39Z

Wichers at 17:30, 22 April 2010

2010-04-22T17:30:27Z

Wichers at 15:40, 22 April 2010

2010-04-22T15:40:23Z

@@ Line 1: / Line 1: @@
 {{Top_10_2010:TopTemplate|usenext=2010NextLink|next=Release Notes|useprev=Nothing|prev=}}
+<!--- Moved note to TopTemplate -> it is displayed on each page --->
 {{Top_10_2010:SubsectionColoredTemplate|Foreword|
 Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10.

@@ Line 1: / Line 1: @@
 {{Top_10_2010:TopTemplate|usenext=2010NextLink|next=Release Notes|useprev=Nothing|prev=}}
 {{Top_10_2010:SubsectionColoredTemplate|Foreword|
 Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10.

@@ Line 1: / Line 1: @@
 {{Top_10_2010:TopTemplate|usenext=2010NextLink|next=Release Notes|useprev=Nothing|prev=}}
 {{Top_10_2010:SubsectionColoredTemplate|Foreword|
 Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10.
@@ Line 44: / Line 47: @@
 * [[User:wichers|Dave Wichers]]
-[http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]
+{{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}
 We’d like to thank those organizations that contributed their vulnerability prevalence data to support the 2010 update:

@@ Line 1: / Line 1: @@
 {{Top_10_2010:TopTemplate|usenext=2010NextLink|next=Release Notes|useprev=Nothing|prev=}}
-{{Top_10_2010:SubsectionColoredTemplate|Forward|
+{{Top_10_2010:SubsectionColoredTemplate|Foreword|
 Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10.

@@ Line 17: / Line 17: @@
 The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.}}
 {{Top_10_2010:SubsectionColoredTemplate|Warnings|}}
-'''Don’t stop at 10'''. There are hundreds of issues that could affect the overall security of a web application as discussed in the [[Guide | OWASP Developer's Guide]]. This is essential reading for anyone developing web applications today. Guidance on how to effectively find vulnerabilities in web applications are provided in the [http://owasp.org/index.php?title=Category:OWASP_Testing_Project OWASP Testing Guide] and the [http://owasp.org/index.php?title=Category:OWASP_Code_Review_Project OWASP Code Review Guide], which have both been significantly updated since the previous release of the OWASP Top 10.
+'''Don’t stop at 10'''. There are hundreds of issues that could affect the overall security of a web application as discussed in the [[Guide | OWASP Developer's Guide]]. This is essential reading for anyone developing web applications today. Guidance on how to effectively find vulnerabilities in web applications are provided in the [[:Category:OWASP_Testing_Project | OWASP Testing Guide]] and the [[:Category:OWASP_Code_Review_Project | OWASP Code Review Guide]], which have both been significantly updated since the previous release of the OWASP Top 10.
 '''Constant change'''. This Top 10 will continue to change. Even without changing a single line of your application’s code, you may already be vulnerable to something nobody ever thought of before. Please review the advice at the end of the Top 10 in “What’s Next For Developers, Verifiers, and Organizations” for more information.
@@ Line 24: / Line 24: @@
 Use tools wisely. Security vulnerabilities can be quite complex and buried in mountains of code. In virtually all cases, the most cost-effective approach for finding and eliminating these weaknesses is human experts armed with good tools.
-'''Push left'''. Secure web applications are only possible when a secure software development life-cycle is used. For guidance on how to implement a secure SDLC, we recently released the [[Category:Software_Assurance_Maturity_Model | Open Software Assurance Maturity Model (SAMM)]], which is a major update to the [[Category:OWASP_CLASP_Project | OWASP CLASP Project]].
+'''Push left'''. Secure web applications are only possible when a secure software development life-cycle is used. For guidance on how to implement a secure SDLC, we recently released the [[:Category:Software_Assurance_Maturity_Model | Open Software Assurance Maturity Model (SAMM)]], which is a major update to the [[:Category:OWASP_CLASP_Project | OWASP CLASP Project]].
 {{Top_10_2010:SubsectionColoredTemplate|The Pages of the Top 10|}}

@@ Line 39: / Line 39: @@
 {{Top_10_2010:SubsectionColoredTemplate|Acknowledgments|}}
-Thanks to [http://www.aspectsecurity.com Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2003, and to its primary authors: Jeff Williams and Dave Wichers.
+Thanks to [http://www.aspectsecurity.com Aspect Security] for initiating, leading, and updating the OWASP Top 10 since its inception in 2002, and to its primary authors:<BR>
 [http://www.aspectsecurity.com https://www.owasp.org/images/d/d1/Aspect_logo.gif]

@@ Line 26: / Line 26: @@
 '''Push left'''. Secure web applications are only possible when a secure software development life-cycle is used. For guidance on how to implement a secure SDLC, we recently released the [[Category:Software_Assurance_Maturity_Model | Open Software Assurance Maturity Model (SAMM)]], which is a major update to the [[Category:OWASP_CLASP_Project | OWASP CLASP Project]].}}
-{{Top_10_2010:SubsectionColoredTemplate|The pages of the Top 10|}}
+{{Top_10_2010:SubsectionColoredTemplate|The Pages of the Top 10|}}
 <div style="font-size: 150%; font-weight: bold;">
 * [[Top 10 2010-Release Notes|Release Notes]]

← Older revision		Revision as of 17:30, 22 April 2010
Line 65:		Line 65:

	{{Top_10_2010:BottomTemplate\|usenext=2010NextLink\|next=Release Notes\|useprev=Nothing\|prev=}}		{{Top_10_2010:BottomTemplate\|usenext=2010NextLink\|next=Release Notes\|useprev=Nothing\|prev=}}
		+	[[Category:OWASP Top Ten Project]]

@@ Line 3: / Line 3: @@
 Insecure software is already undermining our financial, healthcare, defense, energy, and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected, the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10.
-The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and [http://www.owasp.org/index.php/Industry:Citations many more]. This release of the OWASP Top 10 marks this project’s eighth year of raising awareness of the importance of application security risks. The OWASP Top 10 was first released in 2003, minor updates were made in 2004 and 2007, and this is the 2010 release.
+The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and [[Industry:Citations | many more]]. This release of the OWASP Top 10 marks this project’s eighth year of raising awareness of the importance of application security risks. The OWASP Top 10 was first released in 2003, minor updates were made in 2004 and 2007, and this is the 2010 release.
 We encourage you to use the Top 10 to get your organization started with application security. Developers can learn from the mistakes of other organizations. Executives should start thinking about how to manage the risk that software applications create in their enterprise.
@@ Line 17: / Line 17: @@
 The primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high risk problem areas – and also provides guidance on where to go from here.}}
 {{Top_10_2010:SubsectionColoredTemplate|Warnings|
-'''Don’t stop at 10'''. There are hundreds of issues that could affect the overall security of a web application as discussed in the [http://www.owasp.org/index.php/Guide OWASP Developer's Guide]. This is essential reading for anyone developing web applications today. Guidance on how to effectively find vulnerabilities in web applications are provided in the [http://www.owasp.org/index.php/Category:OWASP_Testing_Project OWASP Testing Guide] and [http://www.owasp.org/index.php/Category:OWASP_Code_Review_Project OWASP Code Review Guide], which have both been significantly updated since the previous release of the OWASP Top 10.
+'''Don’t stop at 10'''. There are hundreds of issues that could affect the overall security of a web application as discussed in the [[Guide | OWASP Developer's Guide]]. This is essential reading for anyone developing web applications today. Guidance on how to effectively find vulnerabilities in web applications are provided in the [[Category:OWASP_Testing_Project | OWASP Testing Guide]] and [[Category:OWASP_Code_Review_Project | OWASP Code Review Guide]], which have both been significantly updated since the previous release of the OWASP Top 10.
 '''Constant change'''. This Top 10 will continue to change. Even without changing a single line of your application’s code, you may already be vulnerable to something nobody ever thought of before. Please review the advice at the end of the Top 10 in “What’s Next For Developers, Verifiers, and Organizations” for more information.
-'''Think positive'''. When you’re ready to stop chasing vulnerabilities and focus on establishing strong application security controls, OWASP has just produced the [http://www.owasp.org/index.php/ASVS Application Security Verification Standard (ASVS)] as a guide to organizations and application reviewers on what to verify.
+'''Think positive'''. When you’re ready to stop chasing vulnerabilities and focus on establishing strong application security controls, OWASP has just produced the [[ASVS | Application Security Verification Standard (ASVS)]] as a guide to organizations and application reviewers on what to verify.
 Use tools wisely. Security vulnerabilities can be quite complex and buried in mountains of code. In virtually all cases, the most cost-effective approach for finding and eliminating these weaknesses is human experts armed with good tools.
-'''Push left'''. Secure web applications are only possible when a secure software development life-cycle is used. For guidance on how to implement a secure SDLC, we recently released the [http://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model Open Software Assurance Maturity Model (SAMM)], which is a major update to the [http://www.owasp.org/index.php/Category:OWASP_CLASP_Project OWASP CLASP Project].}}
+'''Push left'''. Secure web applications are only possible when a secure software development life-cycle is used. For guidance on how to implement a secure SDLC, we recently released the [[Category:Software_Assurance_Maturity_Model | Open Software Assurance Maturity Model (SAMM)]], which is a major update to the [[Category:OWASP_CLASP_Project | OWASP CLASP Project]].}}
 {{Top_10_2010:SubsectionColoredTemplate|The pages of the Top 10|}}