Dr. Drew Hwang, CIS, Cal Poly Pomona
Secure Web Development
OWASP Top 10
The goal of the Top 10 project is to raise awareness about application security by identifying some of the most critical risks facing organizations.
The OWASP Top 10 was first released in 2003, with minor updates in 2004 and 2007.
The 2010 version was revamped to prioritize by risk, not just prevalence. The 2013 edition follows the same approach.
According to Jeff Williams, one of the OWASP founders, after a decade's efforts the OWASP Top 10 has failed to stamp out any of the major vulnerabilities. Many web application vulnerabilities still remain prevalent. The 2013 version hasn't evolved much from the 2003 edition.
The OWASP Top 10 only provides guidance for awareness and it does not encompass all vulnerabilities or risks associated with web applications.