Revision as of 16:18, 25 May 2006

Introduction

What is this FAQ about?

This FAQ answers some of the questions that developers have about Web Application Security. This FAQ is not specific to a particular platform or language. It addresses the common threats to web applications and are applicable to any platform.

The OWASP FAQ is available for download as Word and PDF formats.

New! The Spanish language verison of the FAQ is now available in Word and PDF formats. Many thanks to Juan Carlos and Alberto Pena for their fantastic Spanish translation work.

What are these common threats to Web Applications?

While developing an application, most of us are focused on the functionality rather than security. Attackers take advantage of this by exploiting the application in a number of ways. Some of the common threats to web applications are SQL Injection, Cross Site Scripting, Variable Manipulation and exploitation of important features like Forgot Password. There are separate sections in this FAQ answering the common questions on these threats.

Who developed this FAQ?

This FAQ is an evolving document with contributions from the security community. Sangita Pakala and her team from Paladion Networks developed the first version of the FAQ and maintain this page.

How can I contribute to this FAQ?

We need your feedback and contributions to improve the FAQ. We'd love to hear from you about:

• New questions to add to the FAQ
• Better answers for current questions
• New links to documents/tools
• Suggestions to improve the FAQ

You could mail your contributions to [email protected]

Contents

You can find the full AppSec FAQ Table of Contents to see all the details.