
Is the OWASP Top 10 list comprehensive enough for writing secure code?

by Parth Sane, et al.

The OWASP Top 10 is a list published by the Open Web Application Security Project (OWASP). Its general purpose is to serve as a watchlist of bugs to avoid while writing code. This paper compares how many of the weaknesses described in the Top 10 list are actually reported in vulnerabilities listed in the National Vulnerability Database (NVD). This makes it possible to show empirically whether the OWASP Top 10 list is comprehensive enough for the code weaknesses that have been found in the past decade.


Web Application Weakness Ontology Based on Vulnerability Data

Web applications are becoming more ubiquitous. All manner of physical de...

A Suite of Metrics for Calculating the Most Significant Security Relevant Software Flaw Types

The Common Weakness Enumeration (CWE) is a prominent list of software we...

Predicting Vulnerability In Large Codebases With Deep Code Representation

Currently, while software engineers write code for various modules, quit...

Secure list decoding

In this paper, we propose a new concept of secure list decoding. While t...

Common Vulnerability Scoring System Prediction based on Open Source Intelligence Information Sources

The number of newly published vulnerabilities is constantly increasing. ...