WHAT IS OWASP TOP 10?
The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization focused on improving the security of software. The OWASP Top 10 is a listing of the ten most common vulnerabilities used to exploit web applications.
OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. The OWASP Top 10 list serves as a way to clarify and communicate the types of security risks faced by many web applications. This has helped shift the application security conversation to focus on common risk areas.
The OWASP Top 10 has become a major industry component, cited by other standards, such as PCI-DSS, DISA STIG, and MITRE. The list is based on observations from many security professionals across many companies discussing the types of attack and defense techniques most relevant to internet applications. The list is updated approximately every three years, when new vulnerabilities can be added, consolidated, or removed.