Skip to content

OWASP Top 10


The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization focused on improving the security of software. The OWASP Top Ten is a listing of the top ten risk categories for web applications.

OWASP is in a unique position to provide impartial, practical information about application security to individuals, corporations, universities, government agencies, and other organizations worldwide. The OWASP Top Ten provides as a way to clarify and communicate the types of security risks faced by many web applications. This has helped shift the application security conversation to focus on common risk areas.

The OWASP Top Ten is a major industry component, cited by other standards, such as PCI-DSS, DISA STIG, and MITRE. The list is based on observations from many security professionals across many companies discussing the types of attack and defense techniques most relevant to in internet applications. In-depth analytics on telemetry data shared from real-world applications also is used in the formulation of the OWASP Top Ten. The list is updated approximately every three years when new vulnerabilities can be added, consolidated, or removed.

Download White Paper

Back to Listing