At AppsecDC OWASP published the latest version of its top ten list. From the Top Ten
"OWASP plans to release the final public release of the OWASP Top 10 -2010during the first quarter of 2010 after a final, one-month public comment period ending December 31, 2009.
This release of the OWASPTop 10 marks this project’s eighth year of raising awareness of the importance of application security risks. This release has been significantly revised to clarify the focus on risk. To do this, we’ve detailed the threats, attacks, weaknesses, security controls, technical impacts, and business impacts associated with each risk. By adopting this approach, we hope to provide a model for how organizations can think beyond the ten risks here and figure out the most important risks that their applications create for their business" - OWASP
Here's a copy of the new top ten.
Jeremiah Grossman has posted a review of the top ten worth checking out.
OWASP 2010 Top Ten RC1: http://www.owasp.org/index.php/File:OWASP_T10_-_2010_rc1.pdf
Dark Reading Article: http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=221700095&cid=ref-true