Lista de las mas serias vulnerabilidades en aplicaciones durante 2007:


A1 - Cross Site Scripting (XSS) (http://www.owasp.org/index.php/Top_10_2007-A1)
A2 - Injection Flaws (http://www.owasp.org/index.php/Top_10_2007-A2)
A3 - Malicious File Execution (http://www.owasp.org/index.php/Top_10_2007-A3)
A4 - Insecure Direct Object Reference (http://www.owasp.org/index.php/Top_10_2007-A4)
A5 - Cross Site Request Forgery (CSRF) (http://www.owasp.org/index.php/Top_10_2007-A5)
A6 - Information Leakage and Improper Error Handling (http://www.owasp.org/index.php/Top_10_2007-A6)
A7 - Broken Authentication and Session Management (http://www.owasp.org/index.php/Top_10_2007-A7)
A8 - Insecure Cryptographic Storage (http://www.owasp.org/index.php/Top_10_2007-A8)
A9 - Insecure Communications (http://www.owasp.org/index.php/Top_10_2007-A9)
A10 - Failure to Restrict URL Access (http://www.owasp.org/index.php/Top_10_2007-A10)



http://blogs.owasp.org/orizon/wp-content/themes/default/images/ologo.gif

Fuente: OWASP (Open Web Application SecurityProject) - Top Ten web application vulnerabilities.

Mas info:

http://es.wikipedia.org/wiki/OWASP