OWASP (Open Web Application Security Project) is an organization focused on improving security of software. Their mission is to make software security visible so that individuals and organizations can make informed decisions about software security risks. They published a Top Ten document to promote awareness for Web Application Security.
The top ten represents the most critical web application security flaws. A couple of points on the top 10:
- They have many international versions of the Top 10 list.
- The Top 10 continues to change and evolve.
- There are hundreds of issues that can possibly affect Web Application Security so don't stop with mitigating the top 10. OWASP has several resources that can assist such as the OWASP Developer's Guide, OWASP Cheat Sheet Series, OWASP Testing Guide and the OWASP Code Review Guide.
The OWASP Top 10 is a list of the 10 Most Critical Web Application Security Risks and for each Risk it provides:
- A description
- Example vulnerabilities
- Example attacks
- Guidance on how to avoid
- References to OWASP and other related resources