The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving the safety of software. It was founded in 2001 by Mark Curphey.
OWASP offers a range of tools, methodologies, and libraries for testing web application security and finding vulnerabilities in web applications. It also provides documentation and guidelines for testing common attack vectors. This helps developers write better, safer code and gives consumers a better understanding of what is possible in terms of both attack and mitigation.
Since 2003, OWASP has maintained a list of the ten most common application vulnerabilities. The list includes their risks, impacts, and countermeasures. It is updated every three to four years to reflect advancements in the security field; the newest release is from 2017.
By learning the issues on the OWASP Top 10 list and how to resolve them, application developers can take concrete steps toward a safer application that helps protect users from malicious attacks.
The OWASP Top 10 list includes:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging and Monitoring