The Open Web Application Security Project (OWASP) maintains and publishes an ongoing list of the top ten threats to web applications. With some exceptions, the threats listed in the OWASP Top Ten can apply to any service, be it a web application, REST service, SOAP service or custom application. It is interesting to note that while there are changes to the bottom five threats, the top five threats have remained unchanged since 2007.
I recently had a great discussion with Wendy Nather from the 451 Analyst Group. She had found one of my previous posts on using a service gateway to protect against the OWASP Top 10 and had some follow-up questions. I wanted to share some of the discussion as well as her questions because it really got me thinking more about Enterprise application architecture and security.