6. What Didn’t Change
• Title: “The Top 10 Most Critical Web Application Security Risks”
• It is about risks, not vulnerabilities
• The Top 10 are selected using the OWASP Risk Rating Methodology
[Figure: OWASP Top 10 Risk Rating Methodology]
30. Security Misconfiguration Illustrated
[Figure: layered stack of the application attack surface (Hardened OS, Web Server, App Server, Framework, App Configuration, Custom Code) alongside business functions (Accounts, Finance, Administration, Transactions, Communication, Knowledge Mgmt, E-Commerce, Bus. Functions), supporting infrastructure (Test Servers, QA Servers, Source Control, Development, Database) and the Insider; a misconfiguration at any of these layers exposes the rest]
48. Automation Example for Java – Use Maven ‘Versions’ Plugin
[Figure: output from the Maven Versions Plugin – automated analysis of libraries’ status against the Central repository; callouts mark the most out-of-date libraries and the details the developer needs]
This can automatically be run EVERY TIME software is built!!
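As an added example (not a slide from the deck, and not the plugin project's own documentation), the pom.xml fragment below wires the versions-maven-plugin into the build so that the out-of-date report is produced every time `mvn verify` runs, rather than only when a developer remembers to invoke it. The plugin coordinates and goal names are the real ones published by the Codehaus Mojo project; the plugin version is a placeholder that should be pinned to a release you have reviewed.

```xml
<!-- Added example, not from the original slides. Assumes a standard Maven project;
     PLUGIN_VERSION_PLACEHOLDER must be replaced by a pinned, vetted release. -->
<project>
  <build>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>versions-maven-plugin</artifactId>
        <version>PLUGIN_VERSION_PLACEHOLDER</version>
        <executions>
          <execution>
            <id>report-outdated-libraries</id>
            <!-- Bound to 'verify' so every CI build (mvn verify / mvn install)
                 lists dependencies and plugins with newer versions in Central. -->
            <phase>verify</phase>
            <goals>
              <goal>display-dependency-updates</goal>
              <goal>display-plugin-updates</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
<!-- Ad hoc run without the binding above:
       mvn versions:display-dependency-updates
       mvn versions:display-plugin-updates -->
```

The report tells you which libraries are behind the latest release, which is the signal the slide's callouts point at; it does not by itself say whether the lagging version carries a known vulnerability, so treat it as the trigger for the review, not the verdict.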