Empty input
Last updated 2017-08-12

OWASP

Learn OWASP and web security

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies and other organizations worldwide. Operating as a community of like-minded professionals, OWASP issues software tools and knowledge-based documentation on application security.

For 2017, the OWASP Top 10 Most Critical Web Application Security Risks (in the Release Candidate) are:

  • A1 Injection
  • A2 Broken Authentication and Session Management
  • A3 Cross-Site Scripting (XSS)
  • A4 Broken Access Control (As it was in 2004)
  • A5 Security Misconfiguration
  • A6 Sensitive Data Exposure
  • A7 Insufficient Attack Protection (NEW)
  • A8 Cross-Site Request Forgery (CSRF)
  • A9 Using Components with Known Vulnerabilities
  • A10 Underprotected APIs (NEW)

Learn more on https://www.owasp.org