title: OWASP Top 10 (This needs a better name)

Cyber Security is a complex area that has an impact on a wide range of subjects. There are many classes of vulnerabilities, each affecting a set of services or applications.

One area that is of particular interest is security on the web. As society becomes increasingly digital, the web is becoming more embedded in our lives. OWASP (the Open Web Application Security Project) has been tracking web-based vulnerabilities since 2004, surveying organisations and collating information on the types of cyber attack that affect websites.

NOTE: Security researchers love lists. As well as OWASP for web, there are several other "Top 10s"; they let us work out what issues to focus on. However, as new threats occur, any security audit based only on the Top 10 is probably not comprehensive enough.

As well as advice on mitigating security issues, each year OWASP produces a report (the OWASP Top 10) presenting the most common threats that have occurred that year. This report can provide security researchers with areas to focus on, and will highlight new trends in the types of attack that may occur.

Task (~1 Hour)

Let's start thinking about security - take a look at the OWASP Top 10 web vulnerabilities: OWASP Top 10

In the forums, discuss:

  • Which of the vulnerabilities do you think is the most "Dangerous"?
  • Can you think of an example of a recent "Hack" you have heard about that has used one of the OWASP top 10?
  • Look back through previous versions of the top 10 - what trends can you see? Are there any problems that have been "Fixed"?