OWASP top 10
Open Web Application Security Project: https://owasp.org/
OWASP top 10 - 2013 (Book: release it! - Michael Nygard)
- OWASP Injection
- OWASP Broken Authentication and Session Management
- OWASP Cross Site Scripting (XSS)
- OWASP Broken Access Control
- OWASP Security Misconfiguration
- OWASP Sensitive Data Exposure
- OWASP Insufficient Attack Protection
- OWASP Cross-Site Request Forgery (CSRF)
- OWASP Using Components with Known Vulnerabilities
- OWASP Underprotected APIs
(src: Book: release it! - Michael Nygard)
2017 added
- covered in (2013.1) OWASP Injection by Book: release it! - Michael Nygard
- (8) Insecure Deserialization
  - maybe partially mentioned in (2013.10) OWASP Underprotected APIs by Book: release it! - Michael Nygard
- (10) Insufficient Logging & Monitoring
  - maybe partially mentioned in (2013.5) OWASP Security Misconfiguration by Book: release it! - Michael Nygard
  - maybe partially mentioned in (2013.7) OWASP Insufficient Attack Protection by Book: release it! - Michael Nygard
2021 added
- (4) Insecure Design
- (8) Software And Data Integrity Failures
- (10) Server-side Request Forgery (SSRF)
OWASP Top 10 - Versions
- 2010
- 2013 -> Book: release it! - Michael Nygard (second edition)
- 2017
- 2021
(src: PDF - owasp top 10 (2013))
(src: PDF - owasp top 10 (2017))
(src: OWASP Top Ten | OWASP Foundation)