Code injection tops the list of the most dangerous and widespread flaws in web applications.
This is according to the Open Web Application Security Project (OWASP), which has compiled a top 10 of the most dangerous web-application vulnerabilities for the past 10 years and published the final version of the rankings in 2013.
The purpose of publishing this ranking, which is based on the prevalence and danger of the threats, is to draw web developers' attention to the most pressing security issues. Each of these threats (a preliminary version of the list was available as early as February this year) was discussed in detail by independent experts on the OWASP forum.
It should also be noted that the rating is based on an analysis of eight vulnerability databases from seven vendors, covering a total of more than 500 thousand vulnerabilities in thousands of applications. The changes in the rankings over three years (the list was last drafted in 2010) can be seen in the chart by OWASP:
“Code injection” remains by far the leading threat, while “broken authentication and session management” has swapped places with “cross-site scripting,” which is now in third position.