Check out the OWASP Top 10 for 2007, the ten most critical web application security vulnerabilities, presented here (available as a PowerPoint presentation).
The top 10 is:
- Cross site scripting (XSS)
- Injection flaws
- Insecure remote file include
- Insecure direct object reference
- Cross site request forgery (CSRF)
- Information leakage and improper error handling
- Broken authentication and session management
- Insecure cryptographic storage
- Insecure communications
- Failure to restrict URL access
If you’re a web developer, do you know what each of these means and whether your code is vulnerable to it? If not, you need to find out.
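To make the "is your code vulnerable?" question concrete for the first two entries on the list, here is an added example (it is not part of the original post or of the OWASP presentation) showing an injection flaw and a cross site scripting flaw, each as the vulnerable pattern beside its hardened form. The users table, the credentials and the attacker inputs are constructed for the example; the hardening uses standard-library parameterised queries and HTML escaping.

```python
# Added example, not from the original post: two of the listed categories,
# injection flaws and cross site scripting, each shown as a vulnerable
# pattern beside its hardened form. The schema, rows and inputs are
# constructed for the example.
import html
import sqlite3


def make_db():
    """Constructed in-memory users table used by both login functions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


# --- Injection flaws ---------------------------------------------------

def login_vulnerable(conn, name, password):
    """String-concatenated SQL: user input becomes part of the statement,
    so a password of  ' OR '1'='1  turns the WHERE clause into
    (name = 'alice' AND password = '') OR '1'='1' and matches every row."""
    sql = (
        f"SELECT name FROM users WHERE name = '{name}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_hardened(conn, name, password):
    """Parameterised query: input is bound as data and is never parsed
    as SQL, so the same payload simply fails to match any password."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


# --- Cross site scripting ----------------------------------------------

def greet_vulnerable(name):
    """Reflects user input straight into the HTML response, so a name
    containing <script> is interpreted as markup by the browser."""
    return f"<p>Hello, {name}!</p>"


def greet_hardened(name):
    """HTML-encodes the input before placing it in element content, so
    < > & " ' are rendered as text rather than parsed as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def demo():
    """Run both pairs against the same attacker inputs and return the results."""
    conn = make_db()
    sqli_payload = "' OR '1'='1"
    xss_payload = "<script>alert(1)</script>"
    return {
        "inject_vuln": login_vulnerable(conn, "alice", sqli_payload),
        "inject_safe": login_hardened(conn, "alice", sqli_payload),
        "xss_vuln": greet_vulnerable(xss_payload),
        "xss_safe": greet_hardened(xss_payload),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value!r}")
```

Running the block shows the vulnerable login returning both users for a bogus password while the hardened one returns nothing, and the vulnerable greeting echoing a live script tag while the hardened one emits `&lt;script&gt;`. The same two questions (is input ever concatenated into a query, and is output ever written into HTML without encoding for its context) are the first thing to grep for when auditing an application against this list.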