Friday, November 20, 2009

OWASP Top 10 - 2010 RC



The Open Web Application Security Project (OWASP), an open-source application security project, has published a release candidate of the OWASP Top 10 for comments and feedback. You can download it from http://www.owasp.org/images/0/0f/OWASP_T10_-_2010_rc1.pdf.
It was always perceived that the OWASP Top 10 was about the 10 most common weaknesses in web applications; this release makes it clear that the OWASP Top 10 Project is about the top 10 risks. As a result, OWASP reshuffled the order of the items on the list, since it is now based on the estimated risk instead of the frequency of the associated weakness.
In addition, two items were added and two removed:
  • ADDED: A6 – Security Misconfiguration
  • ADDED: A8 – Unvalidated Redirects and Forwards
  • REMOVED: A3 – Malicious File Execution
  • REMOVED: A6 – Information Leakage and Improper Error Handling.
Please review and contribute your thoughts and comments.
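To make one of the two newly listed items concrete, here is an added example (not taken from the OWASP document or from this post) of A8, Unvalidated Redirects and Forwards: a redirect handler that uses the caller-supplied target as-is, beside a hardened version that only follows same-site relative paths or an explicit allow-list of external hosts. The origin, the allow-listed partner host and all sample targets are constructed for the demo.

```python
"""
Added example (not from the OWASP Top 10 document or this post): the
A8 "Unvalidated Redirects and Forwards" weakness and one way to close it.
The site origin and allow-listed host below are constructed assumptions.
"""
from urllib.parse import urlparse

# Constructed sample values: the application's own origin and the only
# external hosts it may send users to (assumption for the demo).
SITE_ORIGIN = "https://app.example.test"
ALLOWED_EXTERNAL_HOSTS = {"partner.example.test"}


def redirect_target_unvalidated(next_url: str) -> str:
    """The weakness as A8 describes it: the target is used exactly as supplied,
    so a crafted link can send a logged-in user anywhere."""
    return next_url


def redirect_target_validated(next_url: str, default: str = "/") -> str:
    """Return a redirect target that stays on-site or on an allow-listed host.

    Anything else (other hosts, scheme-relative '//host' forms, non-https
    schemes such as javascript:, userinfo tricks, backslash variants) falls
    back to `default`.
    """
    if not next_url:
        return default
    # Browsers treat backslashes like slashes when parsing the authority;
    # normalise so "/\\evil.test" is not mis-read as a relative path.
    candidate = next_url.replace("\\", "/")
    parsed = urlparse(candidate)

    # Relative target: must begin with exactly one "/" ("//host" would be
    # scheme-relative and leave the site).
    if not parsed.scheme and not parsed.netloc:
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Absolute target: https only, and only our own host or an allow-listed one.
    if parsed.scheme != "https":
        return default
    host = parsed.hostname or ""
    site_host = urlparse(SITE_ORIGIN).hostname
    if host == site_host or host in ALLOWED_EXTERNAL_HOSTS:
        return candidate
    return default


if __name__ == "__main__":
    for target in ["/account", "//evil.test/x", "https://evil.test/login",
                   "https://partner.example.test/", "javascript:alert(1)"]:
        print(f"{target!r:40} -> {redirect_target_validated(target)!r}")
```

The hardened function is deliberately conservative: a bare relative name such as `account` (no leading slash) is also rejected, because the cheapest safe policy is to accept only what the application itself generates, and to log the fallback so that probing for open redirects shows up in the application's own records.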
