OWASP

The Open Web Application Security Project (OWASP) is a non-profit organization founded in 2001, with the goal of helping website owners and security experts protect web applications from cyber attacks. OWASP has 32,000 volunteers around the world who perform security assessments and research.

Among OWASP’s key publications are the OWASP Top 10, discussed in more detail below; the OWASP Software Assurance Maturity Model (SAMM), the OWASP Development Guide, the OWASP Testing Guide, and the OWASP Code Review Guide.

The OWASP Top 10

OWASP Top 10 is a widely accepted document that prioritizes the most important security risks affecting web applications. Although there are many more than ten security risks, the idea behind the OWASP Top 10 is to make security professionals keenly aware of at least the most critical security risks, and learn how to defend against them.

OWASP periodically evaluates important types of cyber attacks by four criteria: ease of exploitability, prevalence, detectability, and business impact, and selects the top 10 attacks. The OWASP Top 10 was first published in 2003 and has since been updated in 2004, 2007, 2010, 2013, and 2017.