OWASP Top 10 - 2010 has been officially released. Download the PDF now.
The 2010 Top 10
- A1: Injection [Injection Cheat Sheet]
- A2: Cross-Site Scripting (XSS) [XSS Cheat Sheet] [XSS Podcast]
- A3: Broken Authentication and Session Management [Authentication Cheat Sheet]
- A4: Insecure Direct Object References [ESAPI Access Reference Map]
- A5: Cross-Site Request Forgery (CSRF) [CSRF Cheat Sheet] [CSRF Podcast]
- A6: Security Misconfiguration [Development Configuration Guide]
- A7: Insecure Cryptographic Storage [Crypto Cheat Sheet] [Crypto Podcast]
- A8: Failure to Restrict URL Access [ESAPI Access Control API]
- A9: Insufficient Transport Layer Protection [TLS Protection Cheat Sheet] [TLS Podcast]
- A10: Unvalidated Redirects and Forwards [Open Redirects Article] [Redirects Podcast]
Also, towards the end of the document is a section labeled "Additional Risks to Consider". I encourage you to read "Lack of Intrusion Detection and Response".
-Michael Coates