Here is a list of the top ten Web security risks:
- Hidden Manipulation
- Cookie Poisoning
- Backdoor and Debug Options
- Buffer Overflow
- Stealth Commanding
- 3rd Party Misconfiguration
- Known Vulnerabilities
- Parameter Tampering
- Cross Site Scripting
- Forceful Browsing
Looks like a pretty timely list, doesn’t it? Actually, I pulled this list out of my archive. I got it from Sanctum when they called it “10 Types of Web Perversion” (yes, I spent a lot of time trying to convince them not to call it perverse). My list is from September, 2000.
For comparison, here is what OWASP’s Top Ten Web Security Risks for 2010 (at least the release candidate):
- Injection
- Cross-Site Scripting
- Broken Authentication and Session Management
- Insecure Direct Object References
- Cross Site Request Forgery
- Security Misconfiguration
- Failure to Restrict URL Access
- Unvalidated Redirects and Forwards
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection