Dark Reading

New OWASP Top 10 List Includes Three New Web Vulns

After months of review, the Open Web Application Security Project has finally formally updated its widely used, if somewhat disputed, ranking of top Web application security vulnerabilities. OWASP's ...
Dark Reading

New OWASP Top 10 Reflects Unchanged State Of Web Security

The oft-cited and oft-debated OWASP Top 10 list of the most critical vulnerabilities in Web applications got an update this week with the most prevalent flaw -- injection -- remaining at the No. 1 ...
ZDNet

PCI-DSS 1.1 points to outdated OWASP Top 10

You might think this is nitpicking and just an error of omission, and certainly, anyone can make a mistake, BUT this guidance is supposed to (one might argue if it ...
Infosecurity-magazine.com

XSS is Most Rewarding Bug Bounty as CSRF is Revived

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid. According to HackerOne’s top 10 most impactful security vulnerabilities, ...
Threat Post

OWASP Con Begets Top 10 Threats List

Injection attacks top the 2010 OWASP Top 10 list of Web application security threats, including SQL, OS, and LDAP injection, followed by cross-site scripting (XSS), broken authentication and session ...
CSOonline

Learn to play defense by hacking these broken web apps

The best way to learn to play defense is to play offense, and the OWASP Broken Web Applications Project makes it easy for application developers, novice penetration testers, and security-curious ...