10-08-2007, 12:40 PM
Larwee
5 Star Administrator
 
Join Date: Jul 2006
Location: St. Louis, Missouri USA
Posts: 2,981
Why Web sites get hacked

A lot of site owners think about security when there is news coverage about a big security breach. However, experts say that most people don't pay much attention to security when building web applications.

According to some experts, most site owners are more interested in the way their site looks than they are in security. They say that security is often thought of after a site is built rather than before.

"The Ten Most Critical Web Application Security Vulnerabilities" is a report by the Open Web Application Security Project (OWASP). They want to raise awareness about the biggest security challenges facing Web developers.

The first OWASP list was issued in 2004. They say security hasn't improved much since then. They also say that new technologies such as Rich Internet Applications and AJAX make Web sites look better but also create more opportunities for attacks.

Here are the top 10 Web vulnerabilities according to the Open Web Application Security Project.

1. Cross site scripting (XSS)
2. Injection flaws
3. Malicious file execution
4. Insecure direct object reference
5. Cross site request forgery
6. Information leakage and improper error handling
7. Broken authentication and session management
8. Insecure cryptographic storage
9. Insecure communications
10. Failure to restrict URL access

This link will give you a description of each vulnerability, as well as examples and how to fix it. The information is fairly detailed.

The top 10 reasons Web sites get hacked | InfoWorld | News | 2007-10-05 | By Jon Brodkin, Network World

Last edited by Larwee : 04-11-2008 at 08:09 AM.