(also Open Web Application Security Project)
OWASP (Open Web Application Security Project) is a non-profit organization that provides resources and tools designed to improve the security of software applications. OWASP produces a list of the top 10 web application security vulnerabilities every three to four years. The list is recognized globally by developers, software engineers, security professionals, and businesses looking to mitigate common cybersecurity threats.
OWASP’s top 10
The list of top ten vulnerabilities changes every few years. Here’s the current top 10:
- Cryptographic failures
- Insecure design
- Broken access control
- Security misconfiguration
- Vulnerable and outdated components
- Identification and authentication failures
- Software and data integrity failures
- Security logging and monitoring failures
- Server-side request forgery
- Risk assessment. OWASP provides guidance to businesses on how to perform risk assessments on web apps to identify vulnerabilities.
- Secure coding practices. Developers globally trust OWASP to provide information on secure coding practices (such as handling sensitive data, protecting against common attacks, and securely storing passwords).
- Education and training. OWASP provides learning resources and training materials for improving the security knowledge of developers.
- Secure testing tools. OWASP provides testing tools that developers can use to scan web applications for security vulnerabilities (e.g., the OWASP Zed Attack Proxy and the OWASP Dependency Check)
- Community. OWASP provides a community of developers, security professionals, and other stakeholders who can share best practices and collaborate on security projects.