Contents
Development security overview
OWASP top ten security vulnerabilities 2013
Security awareness and education
The risk associated with build your own
Other aspects of security
Top ten security risks for 2013
Overview of the OWASP top ten list
#1 - Injection
Valid content types
SQL injection
XML injection
#2 - Broken authentication and session management
#3 - Cross site scripting (XSS)
#4 - Insecure direct object references
#5 - Security misconfiguration
#6 - Sensitive data exposure
#7 - Missing function level access control
#8 - Cross-site request forgery (CSRF)
#9 - Using components with known vulnerabilities
#10 - Non-validated redirects and forwards
Security considerations for developers
Follow secure coding standards
Avoid direct SQL
Configure unique permission IDs
Use permission infrastructure
Verify URL and form parameters