OWASP (Open Web Application Security Project)

OWASP, short for Open Web Application Security Project, is a global nonprofit organization dedicated to improving the security of web applications and software. The organization is comprised of a community of security professionals, developers, and experts to focus on identifying, mitigating, and raising awareness about security risks and vulnerabilities that can affect web-based technologies. It is not affiliated with any technology company, though the group supports the informed use of commercial technology.

OWASP focuses on improving the security of web applications, which are programs accessed through web browsers. It identifies vulnerabilities, develops educational resources, and offers tools to help developers and security experts create secure applications based on best practices. Through projects, guides, conferences, and training, OWASP strives to ensure a safer online environment and equip individuals with the tools to build and maintain secure web applications.

The OWASP Top 10 is an awareness document used as the de facto industry AppSec standard. The organization considers it the bare minimum and starting point for achieving application security.

As of the time of this entry, the current top 10 are:

1. Broken Access Control

2. Cryptographic Failures

3. Injection

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable and Outdated Components

7. Identification and Authentication Failures

8. Software and Data Integrity Failures

9. Security Logging and Monitoring Failures

10. Server-Side Request Forgery (SSRF)