The Dirty Dozen:
The Top Web Application Vulnerabilities and How to Hunt Them Down at the Source

Web applications are vulnerable most often because they are written that way. According to John Pescatore of Gartner, "Often, placing a firewall between an insider and a vulnerability is impossible. The only solution to security is to eliminate the vulnerability."¹ Unvalidated input, weak cryptography, insufficient access control: these are just some of the (baker's) dozen of design and coding errors that, with today's new automated source code analysis technologies, can be identified, analyzed and eliminated.

This white paper presents the Dirty Dozen web application security vulnerabilities that managers, coders, and analysts should focus on to drastically reduce the security risk of doing business on the World Wide Web, and the technologies available to help in the hunt.

This white paper:

  • outlines the Dirty "Baker's" Dozen web application vulnerabilities, identifying the most common coding flaws and design errors
  • describes the available technologies to aid in the hunt for the Dirty Dozen
  • includes Threat Case Studies of the most common security vulnerabilities and how to avoid them

Make the hunt for the Dirty Dozen a daily part of your software development lifecycle. Download this Ounce Labs white paper today!

About Ounce Labs, Inc.

Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.

Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to focus their resources on resolving the most critical issues.

Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and VeriSign.

Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.

Once you have completed your download, please use your Ounce Labs ID to access any of our other in-depth security publications in our Library.

¹Pescatore, John, "Management Update: Keys to Achieving Secure Software Systems", Gartner, 22 September 2004
