Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Tổ chức OWASP là những thực thể phi lợi nhuận để đảm bảo thành công lâu dài của dự án. Hầu như tất cả mọi người liên kết với OWASP là một tình nguyện viên, bao gồm Hội đồng OWASP, Ủy ban nhân toàn cầu, ChapterLeaders, các nhà lãnh đạo dự án, và các thành viên dự án. Chúng tôi hỗ trợ nghiên cứu innovativesecurity với khoản trợ cấp và cơ sở hạ tầng. | OWASP The Open Web Application Security Project OWASPTop 10-2010 The Ten Most Critical Web Application Security Risks Creative Commons CC Attribution Share-Alike Free version at http www.owasp.org O About OWASP Foreword About OWASP Insecure software is already undermining our financial healthcare defense energy and other critical infrastructure. As our digital infrastructure gets increasingly complex and interconnected the difficulty of achieving application security increases exponentially. We can no longer afford to tolerate relatively simple security problems like those presented in the OWASP Top 10. The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards books tools and organizations including MITRE PCI DSS DISA FTC and many more. This release of the OWASP Top 10 marks this project s eighth year of raising awareness of the importance of application security risks. The OWASP Top 10 was first released in 2003 minor updates were made in 2004 and 2007 and this is the 2010 release. We encourage you to use the Top 10 to get your organization started with application security. Developers can learn from the mistakes of other organizations. Executives should start thinking about how to manage the risk that software applications create in their enterprise. But the Top 10 is not an application security program. Going forward OWASP recommends that organizations establish a strong foundation of training standards and tools that makes secure coding possible. On top of that foundation organizations should integrate security into their development verification and maintenance processes. Management can use the data generated by these activities to manage cost and risk associated with application security. We hope that the OWASP Top 10 is useful to your application security efforts. Please don t hesitate to contact OWASP with your .