This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:OWASP AppSec FAQ Project
Introduction
What is this FAQ about?
This FAQ answers some of the questions that developers have about Web Application Security. This FAQ is not specific to a particular platform or language. It addresses the common threats to web applications and are applicable to any platform.
The OWASP FAQ is available for download as Word and PDF formats.
New! The Spanish language verison of the FAQ is now available in Word and PDF formats. Many thanks to Juan Carlos and Alberto Pena for their fantastic Spanish translation work.
What are these common threats to Web Applications?
While developing an application, most of us are focused on the functionality rather than security. Attackers take advantage of this by exploiting the application in a number of ways. Some of the common threats to web applications are SQL Injection, Cross Site Scripting, Variable Manipulation and exploitation of important features like Forgot Password. There are separate sections in this FAQ answering the common questions on these threats.
Who developed this FAQ?
This FAQ is an evolving document with contributions from the security community. Sangita Pakala and her team from Paladion Networks developed the first version of the FAQ and maintain this page.
How can I contribute to this FAQ?
We need your feedback and contributions to improve the FAQ. We'd love to hear from you about:
- New questions to add to the FAQ
- Better answers for current questions
- New links to documents/tools
- Suggestions to improve the FAQ
You could mail your contributions to [email protected]
Contents
You can find the full AppSec FAQ Table of Contents to see all the details.
Download
You can download the OWASP_FAQ Word document.
Pages in category "OWASP AppSec FAQ Project"
The following 2 pages are in this category, out of 2 total.