Open source web application security project top ten project (open source security project)

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project  The open source organization openly publishes the latest ranking of the top 10 most common vulnerabilities

The OWASP Top 10 - 2013 Release Candidate includes the following changes as compared to the 2010 edition:

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly A3)
  • A3 Cross-Site Scripting (XSS) (was formerly A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly A6)
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
  • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
  • A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

Please review this release candidate and provide comments to dave.wichers@owasp.org or to the OWASP Top 10 mailing list (which you must be subscribed to). The comment period is open from Feb 16 through March 30, 2013 and a final version will be released in May 2013.

If you are interested, the methodology for how the Top 10 is produced is now documented here: OWASP Top 10 Development Methodology

Microsoft Threat Analysis & Modeling v2.1.2

http://www.microsoft.com/en-us/download/details.aspx?id=14719

posted @ 2013-04-11 21:06  ®Geovin Du Dream Park™