OWASP Top 10
- The goal of the Top 10 project is to raise awareness about
application security by identifying some of the most critical
risks facing organizations.
- The OWASP Top 10 was first released in 2003, with
minor updates in 2004 and 2007.
- The 2010 version was revamped to prioritize by risk, not just
prevalence. The 2013 edition follows the same approach.
- According to Jeff Williams, one of the OWASP founders, after a decade's efforts the OWASP Top 10 has failed to stamp out
any of the major vulnerabilities. Many web application vulnerabilities still remain prevalent. The 2013 version hasn't
evolved much from the 2003 edition.
- The OWASP Top 10 only provides guidance for awareness, and it does
not encompass all vulnerabilities or risks associated with web