OWASP Top 10 Project 2013 published

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications that can be trusted. The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations.

As a leading security software vendor, Avira is fully committed to supporting, implementing and spreading the word about how to make software more secure.

The OWASP Top 10 for 2013 was officially released on June 12, 2013.

The OWASP Top 10 2013 is available as a PDF document and as a wiki version.



(Source: OWASP Top 10)

The OWASP Top 10 – 2013 is as follows:

  • A1 Injection
  • A2 Broken Authentication and Session Management
  • A3 Cross-Site Scripting (XSS)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration
  • A6 Sensitive Data Exposure
  • A7 Missing Function Level Access Control
  • A8 Cross-Site Request Forgery (CSRF)
  • A9 Using Known Vulnerable Components
  • A10 Unvalidated Redirects and Forwards


The Top 10 is only a short list. Don’t stop at 10.

There are hundreds of issues that could affect the overall security of a web application as discussed in the OWASP Developer’s Guide and the OWASP Cheat Sheet Series. These are essential reading for anyone developing web applications. Guidance on how to effectively find vulnerabilities in web applications is provided in the OWASP Testing Guide and the OWASP Code Review Guide.


Sorin Mustaca

IT Security Expert