The Much Anticipated OWASP Top Ten 2013 List was Officially Released on June 12, 2013

Share Article

A-lign Security Senior Auditor/Penetration Tester Chris Berberich is a participant on one of the professional team’s chosen to assist in reviewing code for the 2013 OWASP list.

Chris Berberich

OWASP is a 501©(3) worldwide not-for-profit charitable organization focused on improving the security of software. The OWASP (Open Web Application Security Project) Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

All companies are urged to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

View the 2013 Top Ten here:

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

  •     A1 Injection
  •     A2 Broken Authentication and Session Management (was formerly 2010-A3)
  •     A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
  •     A4 Insecure Direct Object References
  •     A5 Security Misconfiguration (was formerly 2010-A6)
  •     A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
  •     A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
  •     A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
  •     A9 Using Known Vulnerable Components (new but was part of 2010-A6 – Security Misconfiguration)
  •     A10 Unvalidated Redirects and Forwards

Chris Berberich joined A-lign’s Security Team in 2012 where he serves as a Senior Auditor/Penetration Tester. Chris has an extremely deep and solid understanding of applications, server and network security and recently passed the Certified Penetration Testing Engineer (C) PTE, Certified Professional Ethical Hacker C) PEH and Cisco Certified Network Associate (CCNA) certification tests, adding to his already impressive credentials.

A-lign™ Security, an information security audit and consulting company, is registered with the PCI Security Standards Council as a Qualified Security Assessor Company. A-lign specializes in assisting clients meet industry and government requirements including PCI DSS, FISMA, FFIEC, HIPAA and ISO 27002. In addition, they provide information technology management services to assist clients with security policy development, vendor management reviews and Information Security Officer outsourcing.

For more information about OWASP, visit

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Susan Dial
Email >
Visit website