In case you are not aware of the news, OWASP yesterday released its annual Top-10 Web Application Vulnerability Risks. I won’t list them again here; lots of security bloggers already did so in the hours following the official press release.
Instead, I checked whether the news was also relayed by developers. After all, they are the first people concerned by this document! Personally, I follow some developers’ blogs, I also googled for some well-known blogs oriented to “web technologies”, and I must admit that almost nobody is aware of the OWASP Top-10. Maybe all the developers are stuck in European airports trying to catch a flight home?
As security professionals, our daily goal is also to introduce some security awareness principles to our colleagues. I hoped that a well-known document released by OWASP (since 2003!) was already a bedside book for web developers. It seems not!
for(;;) { apply_security_awareness(&developers); }