OWASP TOP 10 VULNERABILITIES

VERAFIED Security Mark for the OWASP TOP 10

The OWASP Top 10 represents a broad consensus on the most critical web application security flaws. The errors on this list occur frequently in web applications, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over your software, steal data, or prevent your software from working at all.

Although the Veracode Platform detects hundreds of software security flaws, we provide a razor focus on finding the problems that are “worth fixing”. The OWASP Top 10 is a list of flaws so prevalent and severe that no web application should be delivered to customers without some evidence that the software does not contain these errors.

For the 2013 OWASP Top 10, the following table identifies the technical flaws found through automated analysis, which are used to achieve the VERAFIED security mark, and the additional coverage provided through manual penetration testing, which detects business logic and design errors, to achieve the VERAFIED HIGH ASSURANCE security mark.

OWASP urges all companies to be aware of these concerns within their organization and start the process of ensuring that their web applications do not contain these flaws.

| Rank | OWASP Top 10 | VERAFIED | VERAFIED HIGH ASSURANCE |
|------|--------------|----------|-------------------------|
| A1 | Injection | X | X |
| A2 | Broken Authentication and Session Management | X | X |
| A3 | Cross Site Scripting (XSS) | X | X |
| A4 | Insecure Direct Object References | X | X |
| A5 | Security Misconfiguration | | X |
| A6 | Sensitive Data Exposure | X | X |
| A7 | Missing Function Level Access Control | X | X |
| A8 | Cross Site Request Forgery (CSRF) | | X |
| A9 | Using Components with Known Vulnerabilities | | X |
| A10 | Unvalidated Redirects and Forwards | X | X |


 
