Difference between revisions of "Top 10 2013-Note About Risks"

From OWASP
Line 1: Line 1:
 +
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|title=Start Your Application Security Program Now|number=whole|year=2013}}
 +
 
Although the 2007 and earlier versions of the OWASP Top 10 focused on identifying the most common “vulnerabilities,” the OWASP Top 10 has always been organized around risks. This has caused some understandable confusion on the part of people searching for an airtight weakness taxonomy. The OWASP Top 10 for 2010 clarified the risk-focus in the Top 10 by being very explicit about how threat agents, attack vectors, weaknesses, technical impacts, and business impacts combine to produce risks. This version of the OWASP Top 10 follows the same methodology.
 
Although the 2007 and earlier versions of the OWASP Top 10 focused on identifying the most common “vulnerabilities,” the OWASP Top 10 has always been organized around risks. This has caused some understandable confusion on the part of people searching for an airtight weakness taxonomy. The OWASP Top 10 for 2010 clarified the risk-focus in the Top 10 by being very explicit about how threat agents, attack vectors, weaknesses, technical impacts, and business impacts combine to produce risks. This version of the OWASP Top 10 follows the same methodology.
 +
 +
 +
{{Top_10_2013:BottomTemplate
 +
    |type={{Top_10_2010:StyleTemplate}}
 +
    |usenext=2013NextLink
 +
    |next=Note About Risks
 +
    |useprev=2013PrevLink
 +
    |prev=What's Next for Verifiers
 +
}}
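
Review bot: The Top_10_2013:BottomTemplate call at the end of this hunk passes no year argument, while the SubsectionAdvancedTemplate call at the top passes year=2013; if the bottom template builds its links or category from a year parameter they will render unsubstituted, so add |year=2013 to the call. Separately, next=Note About Risks names the page being edited ("Top 10 2013-Note About Risks"), and the title "Start Your Application Security Program Now" does not match that page name, so confirm the title and next link are meant for this page. Both calls also take type from Top_10_2010:StyleTemplate although the page belongs to the 2013 set; check that the 2010 style template is the intended one.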

Revision as of 13:24, 26 February 2013

Start Your Application Security Program Now

Although the 2007 and earlier versions of the OWASP Top 10 focused on identifying the most common “vulnerabilities,” the OWASP Top 10 has always been organized around risks. This has caused some understandable confusion on the part of people searching for an airtight weakness taxonomy. The OWASP Top 10 for 2010 clarified the risk-focus in the Top 10 by being very explicit about how threat agents, attack vectors, weaknesses, technical impacts, and business impacts combine to produce risks. This version of the OWASP Top 10 follows the same methodology.



© 2002-2013 OWASP Foundation. This document is licensed under the Creative Commons Attribution-ShareAlike 3.0 license. Some rights reserved.