The OWASP 2013 Top 10 vulnerabilities reflects the state of security in web development. The OWASP Top 10 project is an excellent tool that provides insight on the top-10 most critical Web Application vulnerabilities. Using these guidelines to drive Web Application security assessments has become a standard practice.

The Top 10 for 2013 are:

  1. A1 – Injection
  2. A2 – Broken Authentication and Session Management
  3. A3 – Cross-Site Scripting (XSS)
  4. A4 – Insecure Direct Object References
  5. A5 – Security Misconfiguration
  6. A6 – Sensitive Data Exposure
  7. A7 – Missing Function Level Access Control
  8. A8 – Cross-Site Request Forgery (CSRF)
  9. A9 – Using Known Vulnerable Components
  10. A10 – Unvalidated Redirects and Forwards

Get the full report.