Contents

Security overview OWASP top ten security vulnerabilities 2013 Security awareness and education The risk associated with build your own Other aspects of security Top ten security risks for 2013 Overview of the OWASP top ten list #1 - Injection Valid content types SQL injection XML injection #2 - Broken authentication and session management #3 - Cross site scripting (XSS) #4 - Insecure direction object references #5 - Security misconfiguration #6 - Sensitive data exposure #7 - Missing function level access control #8 - Cross-site request forgery (CSRF) #9 - Using components with known vulnerabilities #10 - Non-validated redirects and forwards