The Secure Web Applications Group has assembled a list of best practices to address the most common security threats currently plaguing web applications. We have modeled this list on the OWASP list of top ten threats. Where applicable, we have made recommendations specific to MSU's web environment.

Top 10 List

  1. Injection
  2. Cross-Site Scripting (XSS)
  3. Failure to Restrict URL Access
  4. Insufficient Transport Layer Protection
  5. Insecure Direct Object References
  6. Cross-Site Request Forgery
  7. Unvalidated Redirects and Forwards
  8. Broken Authentication and Session Management
  9. Security Misconfiguration
  10. Insecure Cryptographic Storage