What is OWASP?
OWASP or Open Web Application Security Project is an online community dedicated to web application security. The community works towards finding the most critical web application security flaws. The issues reported by OWASP are often easy to find and exploit and hence it is a cause of worry for all businesses. These are specific issues that vulnerability detection services like Appknox use to help pinpoint areas of weakness and stop security issues before they happen. OWASP has many different projects under its umbrella, one of which is the OWASP Top 10 Project.
What is OWASP Top 10
The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. The Top 10 project is referenced by many standards, books, tools, and organizations, including MITRE, PCI DSS, DISA, FTC, and many more.
The OWASP Top 10 represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list.
The OWASP Top 10 provides:
- A list of the 10 Most Critical Web Application Security Risks
And for each Risk it provides:
- A description
- Example vulnerabilities
- Example attacks
- Guidance on how to avoid
- References to OWASP and other related resources
The Top 10 Vulnerabilities
As per the last update, here are the top vulnerabilities as reported by OWASP, arranged in order of severity:
A2. Broken Authentication and Session Management (XSS)
A3. Cross Site Scripting (XSS)
A4. Insecure Direct Object References
A5. Security Misconfiguration
A6. Sensitive Data Exposure
A7. Missing Function Level Access Control
A8. Cross Site Request Forgery (CSRF)
A9. Using Components with Known Vulnerabilities
A10. Unvalidated Redirects and Forwards
Our next article in this series is about the top 10 mobile security risks as defined by the OWASP Top 10 Project for Mobile. Here's the link to the complete list of security guidelines under the OWASP Top 10.
To stay updated on the latest happenings in the mobile security ecosystem, you can subscribe to the Appknox blog by entering your email address below.