This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP/Training/OWASP Top 10

Revision as of 18:36, 21 December 2010 by Sandra Paiva (talk | contribs)

Jump to: navigation, search
OWASP Top 10
Overview & Goal
The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organisations about the consequences of the most important web application security weaknesses. The Top 10 provides basic methods to protect against these high risk problem areas and provides guidance on where to go from there. The Top 10 project is referenced by many standards, books, tools, and organisations, including MITRE, PCI DSS, DISA, FTC, and many more. The OWASP Top 10 was initially released in 2003 and minor updates were made in 2004, 2007, and this 2010 release. We encourage you to use the Top 10 to get your organisation started with application security so developers can learn from the mistakes of other organisations. Executives can start thinking about how to manage the risk that software applications create in their enterprise.
Contents Materials

This significant update presents a more concise, risk focused list of the Top 10 Most Critical Web Application Security Risks. The OWASP Top 10 has always been about risk, but this update makes this much more clear than previous editions, and provides additional information on how to assess these risks for your applications. For each Top 10 item, this release discusses the general likelihood and consequence factors that are used to categorise the typical severity of the risk, and then presents guidance on how to verify whether you have problems in this area, how to avoid them, some example flaws in that area, and pointers to links with more information.