A posting from Dark in there Application Security section:
The oft-cited and oft-debated OWASP Top 10 list of the most critical vulnerabilities in Web applications got an update this week with the most prevalent flaw—injection–remaining at the number one slot.
Injection, broken authentication and session management, cross-site scripting (XSS), insecure direct object references, security misconfiguration, sensitive data exposure, missing function-level access control, cross-site request forgery (CSRF), using known vulnerable components, and unvalidated redirects and forwards round out the Top 10 list, respectively. XSS actually dropped down a slot from the number two position in 2012, and broken authentication/session management moved up.
According OWASP, the jump in broken authentication and session management is most likely due to these bugs being scrutinized more closely. “We believe this is probably because this area is being looked at harder, not because these issues are actually more prevalent,” OWASP wrote in its report on the new list of Web app flaws.
CSRF dropped from number five to eight, mainly due to developers doing a better job in eliminating those flaws, according to OWASP.
To read more click here: