Saw cheap IPhone 5 today at the electronics market. Fashion rules, no doubt, and everyone wants the toy. Even though the 5-th even doesn’t exist yet. Strange feeling to witness the ghost.

I expanded my network of InfoSec specialists, analysts and geeks on Twitter. And got hinted to look at owasp.org project. I usually have numerous tabs open in Firefox, never timely reading them - so they grow. Now I have a couple more, promising myself to read them asap. We talked about ghosts, right? They say companies are divided into those which do know their web applications code is insecure and those which don’t.

This ghost chasing is rated well in OWASP’s top 10 rating of threats your company (and probably you) face during web information exchange.

Here is the link to the 2010 document. It appears, not much changes over time, so they don’t update the rating annually. Still it is very current, being reviewed by some top companies from the industry recently. 

http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf

There’s much to think about.