Open Web Application Security Project

Learning Objectives

OWASP

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software.

Their website https://owasp.org/ is a great resource for information on software security.

OWASP Top 10

Periodically, OWASP produces a list of what it considers the 10 most important classes of software vulnerabilities. The vulnerabilities are ranked by their prevalence and their severity. Along with a description of each vulnerability, OWASP also includes some examples and strategies for mitigating them. At the time of writing (2022), the current top 10 is:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery

Assignment

Once you've studied the entire top 10, come back and do this quiz on Applied