This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Internet of Things Top Ten Project"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
+
{{Social Media Links}}
  
 
+
=Main=
 
 
='''Main'''=
 
  
 
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
  
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
{{Top_10:SubsectionTableBeginTemplate|type=headertab}} {{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=firstLeft|title=1|risk=10|year=2013|language=en}}
+
==OWASP Internet of Things Top 10 Project==
 
 
==OWASP Internet of Things Top Ten Project==
 
  
 
Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”  
 
Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”  
Line 19: Line 17:
  
  
 
 
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=IoT|position=right|title=2|risk=1|year=2013|language=en}}
 
 
==Internet of Things Top 10 (tentative)==
 
 
#Insecure Web Interface
 
#Insufficient Authentication/Authorization
 
#Insecure Network Services
 
#Lack of Transport Encryption
 
#Privacy Concerns
 
#Insecure Cloud Interface
 
#Insecure Mobile Interface
 
#Insufficient Security Configurability
 
#Insecure Software/Firmware Updates
 
#Poor Physical Security
 
 
 
 
 
 
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=3|risk=1|year=2013|language=en}}
 
 
==Description==
 
 
Write a description that is just a few paragraphs long
 
 
 
 
 
 
 
 
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=4|risk=1|year=2013|language=en}}
 
  
 
==Licensing==
 
==Licensing==
 +
The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
The OWASP Internet of Things Top Ten Project is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 
  
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
  
 +
== What is the OWASP Top 10? ==
  
 +
The OWASP Top 10 provides:
  
 +
* A list of the 10 Most Critical Web Application Security Risks
  
 +
And for each Risk it provides:
 +
* A description
 +
* Example vulnerabilities
 +
* Example attacks
 +
* Guidance on how to avoid
 +
* References to OWASP and other related resources
  
 +
== Project Leader ==
  
 +
* [[User:Wichers | Dave Wichers]]
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=5|risk=1|year=2013|language=en}}
+
== Related Projects ==
  
== What is the OWASP Internet of Things Top Ten Project? ==
+
* [[OWASP_Mobile_Security_Project#Top_Ten_Mobile_Risks | OWASP Mobile Top 10 Risks]]
  
The OWASP Internet of Things Top Ten Project  provides:
+
* [[OWASP_Top_Ten_Cheat_Sheet | OWASP Top 10 Cheat Sheet]]
  
* xxx
+
* [[OWASP_Proactive_Controls | Top 10 Proactive Controls]]
* xxx
 
  
 +
* [[OWASP_Top_10/Mapping_to_WHID | OWASP Top 10 Mapped to the Web Hacking Incident Database]]
  
 +
== Ohloh ==
  
 +
*https://www.ohloh.net/p/OWASP-Top-10
  
 +
| valign="top"  style="padding-left:25px;width:200px;" |
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=6|risk=1|year=2013|language=en}}
+
== Quick Download ==
  
== Presentation ==
+
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
 +
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
 +
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Covering Each Item in the Top 10 (PPTX)].
  
Link to presentation
+
== Email List ==
  
 +
[https://lists.owasp.org/mailman/listinfo/Owasp-topten Project Email List]
 +
== News and Events ==
 +
* [12 Jun 2013] OWASP Top 10 - 2013 Final Released
 +
* [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment
  
 +
==Classifications==
  
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
 +
  |}
  
 +
|}
  
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=7|risk=1|year=2013|language=en}}
+
= OWASP Internet of Things Top 10 for 2014 =
  
== Project Leaders ==
+
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 
 
* Daniel Miessler
 
* Jason Haddix
 
* Craig Smith
 
  
 +
On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.
  
 +
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 document (PDF)].
 +
* [[Top_10_2013 | OWASP Top 10 2013 - Wiki.]]
 +
* [http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
 +
* [https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
 +
* [https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
 +
* [http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
 +
* [https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
 +
* [https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
 +
* [https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)]
 +
* [https://www.owasp.org/images/e/e3/OWASP_Top_10_-_2013_Final_Ukrainian.pdf OWASP Top 10 2013 - Ukrainian (PDF)]
 +
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)]
 +
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Changes-from-2010.pptx OWASP Top 10 2013 Presentation - Focusing on What Changed Since 2010 (PPTX)]
 +
* [http://owasptop10.googlecode.com/files/OWASP_Top-10_2013%20-%20Presentation.pptx OWASP Top 10 2013 Presentation - Presenting Each Item in the Top 10 (PPTX)].
  
  
 +
The OWASP Top 10 - 2013 is as follows:
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=8|risk=1|year=2013|language=en}}
+
* [[Top_10_2013-A1-Injection | A1 Injection]]
 +
* [[Top_10_2013-A2-Broken_Authentication_and_Session_Management | A2 Broken Authentication and Session Management]]
 +
* [[Top_10_2013-A3-Cross-Site_Scripting_(XSS) | A3 Cross-Site Scripting (XSS)]]
 +
* [[Top_10_2013-A4-Insecure_Direct_Object_References | A4 Insecure Direct Object References]]
 +
* [[Top_10_2013-A5-Security_Misconfiguration | A5 Security Misconfiguration]]
 +
* [[Top_10_2013-A6-Sensitive_Data_Exposure | A6 Sensitive Data Exposure]]
 +
* [[Top_10_2013-A7-Missing_Function_Level_Access_Control | A7 Missing Function Level Access Control]]
 +
* [[Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF) | A8 Cross-Site Request Forgery (CSRF)]]
 +
* [[Top_10_2013-A9-Using_Components_with_Known_Vulnerabilities | A9 Using Components with Known Vulnerabilities]]
 +
* [[Top_10_2013-A10-Unvalidated_Redirects_and_Forwards | A10 Unvalidated Redirects and Forwards]]
  
== Related Projects ==
+
If you are interested, the methodology for how the Top 10 is produced is now documented here: [[Top_10_2013/ProjectMethodology | OWASP Top 10 Development Methodology]]
  
* [[OWASP_CISO_Survey]]
+
Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!
  
 +
As you help us spread the word, please emphasize:
  
 +
*OWASP is reaching out to developers, not just the application security community
 +
*The Top 10 is about managing risk, not just avoiding vulnerabilities
 +
*To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation
  
 +
We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.
  
 +
== Introduction ==
  
 +
The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.
  
 +
We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=9|risk=1|year=2013|language=en}}
+
== Changes between 2010 and 2013 Editions ==
  
== Quick Download ==
+
The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:
  
* Link to page/download
+
* A1 Injection
 +
* A2 Broken Authentication and Session Management (was formerly 2010-A3)
 +
* A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
 +
* A4 Insecure Direct Object References
 +
* A5 Security Misconfiguration (was formerly 2010-A6)
 +
* A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
 +
* A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
 +
* A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
 +
* A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
 +
* A10 Unvalidated Redirects and Forwards
  
 +
== 2013 Versions ==
  
 +
2013 Edition:
  
 +
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf OWASP Top 10 2013 - PDF]
 +
*[[Top_10_2013 | OWASP Top 10 2013 - wiki]]
 +
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20French.pdf OWASP Top 10 2013 - French (PDF)].
 +
*[https://www.owasp.org/images/5/51/OWASP_Top_10_2013-Chinese-V1.2.pdf OWASP Top 10 2013 - Chinese (PDF)].
 +
*[https://www.owasp.org/images/2/2c/OWASP_Top_10_-_2013_Final_-_Korean.pdf OWASP Top 10 2013 - Korea (PDF)].
 +
*[http://owasptop10.googlecode.com/files/OWASP_Top_10_-_2013_Brazilian_Portuguese.pdf OWASP Top 10 2013 - Brazilian Portuguese (PDF)].
 +
*[https://www.owasp.org/images/7/79/OWASP_Top_10_2013_JPN.pdf OWASP Top 10 2013 - Japanese (PDF)].
 +
*[https://www.owasp.org/images/6/6a/OWASP_TOP_10_2013_Arabic.pdf OWASP Top 10 2013 - Arabic (PDF)].
 +
*[https://www.owasp.org/images/5/5f/OWASP_Top_10_-_2013_Final_-_Espa%C3%B1ol.pdf OWASP Top 10 2013 - Spanish (PDF)].
 +
* [[OWASP_Top10_Hebrew|OWASP Top 10 2013 - Hebrew]] [https://www.owasp.org/images/1/1b/OWASP_Top_10_2013-Hebrew.pdf (PDF direct download)].
 +
*[http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-%20RC1.pdf OWASP Top 10 - 2013 - Release Candidate]
 +
*[https://www.owasp.org/images/3/3d/OWASP_Top_10_-_2013_Final_Release_-_Change_Log.docx OWASP Top 10 - 2013 - Final Release - Change Log (docx)]
  
 +
== Feedback ==
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=10|risk=1|year=2013|language=en}}
+
Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!
  
== News and Events ==
+
We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to [email protected] Thanks!
* [20 Nov 2013] News 2
 
* [30 Sep 2013] News 1
 
  
 +
To join the OWASP Top Ten mailing list or view the archives, please visit the [http://lists.owasp.org/mailman/listinfo/owasp-topten subscription page.]
  
 +
== Project Sponsors ==
  
 +
The OWASP Top Ten project is sponsored by {{MemberLinks|link=http://www.aspectsecurity.com|logo=Aspect_logo_owasp.jpg}}
  
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=left|title=11|risk=1|year=2013|language=en}}
+
<!-- ==== Project Identification ====
 
+
{{Template:OWASP OWASP_Top10 Project}} -->
== In Print ==
 
 
 
This project can be purchased as a print on demand book from Lulu.com
 
 
 
 
 
 
 
 
 
 
 
 
 
{{Top_10_2010:SubsectionAdvancedTemplate|type={{Top_10_2010:StyleTemplate}}|subsection=TenProjects|position=right|title=12|risk=1|year=2013|language=en}}
 
 
 
==Classifications==
 
 
 
  {| width="200" cellpadding="2"
 
  |-
 
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Project_Type_Files_DOC.jpg|link=]]
 
  |}
 
  
  
  
 +
= Project Details =
  
 +
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
  
 +
{{:GPC_Project_Details/OWASP_Top10 | OWASP Project Identification Tab}}
  
  
  
 +
__NOTOC__ <headertabs />
  
='''Internet of Things Top Ten 2014'''=
+
[[Category:OWASP_Project]] [[Category:OWASP_Document]] [[Category:OWASP_Download]] [[Category:OWASP_Release_Quality_Document]]
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
<headertabs />
 
 
 
 
 
 
 
|}
 

Revision as of 02:30, 16 June 2014


Share this:  E-mail this story Bookmark with Facebook Share on Digg.com Share on delicious Share on reddit.com Share on stumbleupon.com Share on LinkedIn.com Share on twitter.com Seed on Newsvine

OWASP Project Header.jpg

OWASP Internet of Things Top 10 Project

Oxford defines the Internet of Things as “a proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”

The OWASP Internet of Things (IoT) Top 10 is a project designed to help vendors who are interested in making common appliances and gadgets network/Internet accessible. The project walks through the top ten security problems that are seen with IoT devices, and how to prevent them.

Examples of IoT Devices: Cars, lighting systems, refrigerators, telephones, SCADA systems, traffic control systems, home security systems, TVs, DVRs, etc…


Licensing

The OWASP Top 10 is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is the OWASP Top 10?

The OWASP Top 10 provides:

  • A list of the 10 Most Critical Web Application Security Risks

And for each Risk it provides:

  • A description
  • Example vulnerabilities
  • Example attacks
  • Guidance on how to avoid
  • References to OWASP and other related resources

Project Leader

Related Projects

Ohloh

Quick Download

Email List

Project Email List

News and Events

  • [12 Jun 2013] OWASP Top 10 - 2013 Final Released
  • [Feb 2013] Draft OWASP Top 10 - 2013 - Released for Public Comment

Classifications

Owasp-flagship-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg


OWASP Project Header.jpg

On June 12, 2013 the OWASP Top 10 for 2013 was officially released. This version was updated based on numerous comments received during the comment period after the release candidate was released in Feb. 2013.


The OWASP Top 10 - 2013 is as follows:

If you are interested, the methodology for how the Top 10 is produced is now documented here: OWASP Top 10 Development Methodology

Please help us make sure every developer in the ENTIRE WORLD knows about the OWASP Top 10 by helping to spread the word!!!

As you help us spread the word, please emphasize:

  • OWASP is reaching out to developers, not just the application security community
  • The Top 10 is about managing risk, not just avoiding vulnerabilities
  • To manage these risks, organizations need an application risk management program, not just awareness training, app testing, and remediation

We need to encourage organizations to get off the penetrate and patch mentality. As Jeff Williams said in his 2009 OWASP AppSec DC Keynote: “we’ll never hack our way secure – it’s going to take a culture change” for organizations to properly address application security.

Introduction

The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Versions of the 2007 and 2010 version were translated into English, French, Spanish, Japanese, Korean and Turkish and other languages. Translation efforts for the 2013 version are underway and they will be posted as they become available.

We urge all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications do not contain these flaws. Adopting the OWASP Top Ten is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

Changes between 2010 and 2013 Editions

The OWASP Top 10 - 2013 includes the following changes as compared to the 2010 edition:

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly 2010-A3)
  • A3 Cross-Site Scripting (XSS) (was formerly 2010-A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly 2010-A6)
  • A6 Sensitive Data Exposure (2010-A7 Insecure Cryptographic Storage and 2010-A9 Insufficient Transport Layer Protection were merged to form 2013-A6)
  • A7 Missing Function Level Access Control (renamed/broadened from 2010-A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly 2010-A5)
  • A9 Using Components with Known Vulnerabilities (new but was part of 2010-A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

2013 Versions

2013 Edition:

Feedback

Please let us know how your organization is using the Top Ten. Include your name, organization's name, and brief description of how you use the list. Thanks for supporting OWASP!

We hope you find the information in the OWASP Top Ten useful. Please contribute back to the project by sending your comments, questions, and suggestions to [email protected] Thanks!

To join the OWASP Top Ten mailing list or view the archives, please visit the subscription page.

Project Sponsors

The OWASP Top Ten project is sponsored by Aspect_logo_owasp.jpg       



OWASP Project Header.jpg
PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Top Ten Project

Purpose: The OWASP Top Ten provides a powerful awareness document for web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are.

License: Creative Commons Attribution Share Alike 3.0

who is working on this project?
Project Leader:

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: N/A

Mailing list: Subscribe or read the archives

Project Roadmap: N/A

Main links:

Project Health: Greenlight.pngGreenlight.pngGreenlight.png Level 3 Project (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Andrew van der Stock @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
OWASP Top 10 - 2017 RC1 - April 2017 - (download)

Release Leader: Andrew van der Stock @

Release details: N/A :

Rating: Greenlight.png Alpha Release
To be reviewed under Assessment Criteria v2.0

last reviewed release
OWASP Top 10 - 2013 - June 2013 - (download)


Release Leader: Wichers @

Release details: N/A

Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release
To be reviewed under Assessment Criteria v2.0

other releases
  • OWASP Top 10 2010 - 2010 - (download)
  • OWASP Top 10 2007 - 2007 - (download)
  • OWASP Top 10 2004 - 2004 - (download)
  • OWASP Top 10 2003 - 2003 - (no download available)


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Internet_of_Things_Top_Ten_Project&oldid=176935"