What is OWASP?
The Open Web Application Security Project (OWASP) is an online community dedicated to web application security. The community works to identify the most critical web application security flaws. Because the issues it reports are often easy to find and exploit, they are a concern for every business that runs web applications. These are the specific issue classes that vulnerability detection services such as Appknox use to pinpoint weak areas and stop security problems before they happen. The community runs many projects under its umbrella, one of which is the 'OWASP Top 10 Project'.
What is OWASP Top 10?
The goal of the OWASP Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more.
The list represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The Top 10 Vulnerabilities:
As per the last update, here are the top vulnerabilities as reported by OWASP, arranged in order of severity:
A1. Injection
A2. Broken Authentication and Session Management
A3. Cross-Site Scripting (XSS)
A4. Insecure Direct Object References
A5. Security Misconfiguration
A6. Sensitive Data Exposure
A7. Missing Function Level Access Control
A8. Cross-Site Request Forgery (CSRF)
A9. Using Components with Known Vulnerabilities
A10. Unvalidated Redirects and Forwards
Our next article in this series is about the top 10 mobile security risks as defined by the OWASP Top 10 Project for Mobile. In case you are wondering how to secure mobile applications from these risks, here's our exhaustive list of 10 measures to meet OWASP security guidelines.