Yesterday I gave a talk at a the Jacksonville JUG about the  Top 10 most critical web application security vulnerabilities identified by the Open Web Application Security Project (OWASP).


You can view or download the presentation here

Top 10 Web Security Vulnerabilities

References and More Information:

• Top 10 most critical web application security vulnerabilities
• Open Web Application Security Project (OWASP)
• OWASP Enterprise Security API
• The Top 10 starting with XSS
  
• Top 10 web security vulnerabilities number 2
  
• OWASP Top 10 number 3
• Bean Validation - The Java EE 6 Tutorial, Volume I
• JSF 2.0 validation
  
• XSSed

You can use OWASP's WebGoat to learn more about the OWASP Top Ten security vulnerabilties. WebGoat is an example web application, which has lessons showing "what not to do code", how to exploit the code, and corrected code for each vulnerability.




You can use the OWASP Enterprise Security API Toolkit to protect against the OWASP Top Ten security vulnerabilties.



The ESAPI Swingset is a web application which demonstrates the many uses of the Enterprise Security API.