VERAFIED Security Mark for the OWASP TOP 10
The OWASP Top 10 represents a broad consensus on the most critical web application security flaws. The errors on this list occur frequently in web applications, are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over your software, steal data, or prevent your software from working at all.
Although the Veracode Platform detects hundreds of categories of software security flaws, we keep a sharp focus on finding the problems that are "worth fixing". The OWASP Top 10 is a list of flaws so prevalent and severe that no web application should be delivered to customers without some evidence that the software does not contain these errors.
The following table lists the technical flaws from the 2013 OWASP Top 10 that are found through automated analysis to achieve the VERAFIED security mark, together with the additional coverage that manual penetration testing provides, by detecting business logic and design errors, to achieve the VERAFIED HIGH ASSURANCE security mark.
|Rank|OWASP Top 10 (2013)|
|---|---|
|A2|Broken Authentication and Session Management|
|A3|Cross Site Scripting (XSS)|
|A4|Insecure Direct Object References|
|A6|Sensitive Data Exposure|
|A7|Missing Function Level Access Control|
|A8|Cross Site Request Forgery (CSRF)|
|A9|Using Components with Known Vulnerabilities|
|A10|Unvalidated Redirects and Forwards|

OWASP urges all companies to be aware of these concerns within their organization and to start the process of ensuring that their web applications do not contain these flaws.