OWASP Top 10

  • The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations. 
  • The OWASP Top 10 was first released in 2003, with minor updates in 2004 and 2007.
  • The 2010 version was revamped to prioritize by risk, not just prevalence. The 2013 edition follows the same approach.
  • According to Jeff Williams, one of the OWASP founders, after a decade of effort the OWASP Top 10 has failed to stamp out any of the major vulnerabilities. Many web application vulnerabilities remain prevalent. The 2013 version hasn't evolved much from the 2003 edition.
  • The OWASP Top 10 provides guidance for awareness only; it does not encompass all vulnerabilities or risks associated with web applications.