In 2016, OWASP will publish the fifth iteration of the OWASP Top 10. First released in 2004, the OWASP Top 10 is a popular enumeration of the 10 most important web application security vulnerabilities as determined by severity as well as real-world prevalence. As we await publication of this latest version, we can’t help but ask ourselves, “if the world’s most popular list of web application security vulnerabilities clearly shows what we should worry about and focus our efforts towards, why do the same issues continue to appear year after year?”

Ignoring the past

On July 1, 1940, the Tacoma Narrows Bridge first opened, connecting Tacoma to Kitsap County. It was the third-longest suspension bridge in the world at the time (behind only the Golden Gate Bridge and George Washington Bridge). But, on November 7, barely four months after it opened, it collapsed into the Puget Sound. The reason for the collapse was mechanical resonance; the wind in the Puget Sound on that day just happened to provide an external periodic frequency that matched the bridge’s natural structural frequency.