Is drupal is able to handle effectively all the Top 10 Security Risks as mentioned by OWASP
The OWASP Top 10 Web Application Security Risks for 2010 are:
A1: Injection (SQL, OS, LDAP, XPath, Program Arguements) – untrusted data sent to an interpreter as part of a command or query.
A2: Cross-Site Scripting (XSS) - untrusted data sent by a server to a browser.
A3: Broken Authentication and Session Management – compromise passwords, keys, tokens etc. to assume user’s identities.
A4: Insecure Direct Object References - exposing a reference to an internal implementation object without an access control check.
A5: Cross-Site Request Forgery (CSRF) - forcing a browser to send a forged HTTP request.
A6: Security Misconfiguration - secure the defaults for framework, platform, application, framework, servers (web, application, database).
A7: Insecure Cryptographic Storage - protect sensitive data.
A8: Failure to Restrict URL Access - access control checks on page access.
A9: Insufficient Transport Layer Protection - protect sensitive communications (avoid invalid certificates, weak algorithms).
A10: Unvalidated Redirects and Forwards - validate destination information.