The Open Web Application Security Project (OWASP) has opened a chapter in Canberra. Kicked off by Andrew Muller of Ionize, OWASP brings to Canberra expertise in web application security. It also brings the small community of security professionals together to meet, discuss and engage in the crucial business of securing applications.
OWASP Canberra is committed to monthly meetings, and the occasional “special” meeting. See you there!
OWASP has a project called ‘The OWASP Top Ten Project’, which lists the top 10 security threats for web-based applications.
OWASP Current Top Twelve Threats
- Cross-Site Scripting (XSS)
- Malicious File execution
- Insecure Direct Object References
- Cross-site Request Forgery (spoofing)
- Information Leakage and Improper Error Handling (I’m guilty)
- Injection Flaws
- Broken authentication and session management
- Insecure cryptographic storage
- Transport Layer Protection (TLP)
- Failure to secure URL access (I’m guilty)
- Security Misconfiguration
- Unvalidated Redirects and Forwards
Ok, which ones are you guilty of?