This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Category:OWASP AppSec FAQ Project

Jump to: navigation, search

OWASP Inactive Banner.jpg


What is this FAQ about?

This FAQ answers some of the questions that developers have about Web Application Security. This FAQ is not specific to a particular platform or language. It addresses the common threats to web applications and are applicable to any platform.

What are these common threats to Web Applications?

While developing an application, most of us are focused on the functionality rather than security. Attackers take advantage of this by exploiting the application in a number of ways. Some of the common threats to web applications are SQL Injection, Cross Site Scripting, Variable Manipulation and exploitation of important features like Forgot Password. There are separate sections in this FAQ answering the common questions on these threats.

Who developed this FAQ?

This FAQ is an evolving document with contributions from the security community. Sangita Pakala and her team from Paladion Networks developed the first version of the FAQ and maintain this page.

How can I contribute to this FAQ?

We need your feedback and contributions to improve the FAQ. We'd love to hear from you about:

  • New questions to add to the FAQ
  • Better answers for current questions
  • New links to documents/tools
  • Suggestions to improve the FAQ

You could mail your contributions to [email protected]

You can find the full OWASP AppSec FAQ to see all the details.

The OWASP FAQ is available for download as Word and PDF formats.

New! The Spanish language verison of the FAQ is now available in Word and PDF formats. Many thanks to Juan Carlos and Alberto Pena for their fantastic Spanish translation work.

OWASP AppSec FAQ Project Roadmap

Project Details

What does this OWASP project offer you?
what is this project?
OWASP AppSec FAQ Project

Purpose: N/A

License: N/A

who is working on this project?
Project Leader: Pete Niner @

Project Maintainer: Pete Niner @

Project Contributor(s): N/A

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Pete Niner @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.

Pages in category "OWASP AppSec FAQ Project"

The following 2 pages are in this category, out of 2 total.