On April 19, 2010 we released the final version of the OWASP Top 10 for 2010. This version was updated based on numerous comments received during the comment period after the release candidate was released in Nov. 2009.
The OWASP Top 10 Web Application Security Risks for 2010 are:
* A1: Injection
* A2: Cross-Site Scripting (XSS)
* A3: Broken Authentication and Session Management
* A4: Insecure Direct Object References
* A5: Cross-Site Request Forgery (CSRF)
* A6: Security Misconfiguration
* A7: Insecure Cryptographic Storage
* A8: Failure to Restrict URL Access
* A9: Insufficient Transport Layer Protection
* A10: Unvalidated Redirects and Forwards
Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the world!!!