Sonatype in the News

Vulnerable components added to OWASP’s Top 10 risk list

Published: May 09, 2013 08:00


The rise of open-source, component-based development hasn’t come without risks, according to the Open Web Application Security Project’s (OWASP) 2013 Top 10 list.

The OWASP Foundation is a not-for-profit organization focused on improving software security. Now in its 10th year, the OWASP Top 10 list names the most critical Web application security risks, according to the foundation. “These are the mistakes that developers make most often that lead to significant exposures,” said Jeff Williams, founding member of OWASP and the Top 10 list’s creator and coauthor. “SQL injection tops the list because that’s the mistake developers make the most often.”

The first new risk to be added to the OWASP Top 10 list in three years, “Using Components with Known Vulnerabilities” highlights the importance of developers using secure components in applications to avoid exploitation by hackers. As stated in the 2013 OWASP Top 10, “Vulnerable components, such as libraries, frameworks and other software modules, almost always run with full privilege. So, if exploited, they can cause serious data loss or server takeover. Applications using these vulnerable components may undermine their defenses and enable a range of possible attacks and impacts.”

Continue reading on SD Times