In this series, we are going to have a detailed discussion about OWASP and OWASP Top 10 List.

When we create a web application, one of the biggest challenges we face is its security. Most of our web applications are exposed to the internet, so attackers can easily target them.

Today, there is a large community working on improving web application security. They identify the various types of attacks that can be carried out against a web application and the steps to prevent them. Here, we are going to discuss one such organization, called OWASP.

OWASP

The Open Web Application Security Project (OWASP) is a global non-profit organization. It provides information about web application security, thereby helping us make informed decisions.

The OWASP Foundation came online in 2001. Later, in 2004, it was established as a non-profit charitable organization in the United States. OWASP operates as an open community and provides tools and documentation on application security.

OWASP runs a lot of projects through collaboration between community members. As a result, today there are close to 100 open projects. These projects are tools, documents, or code libraries. Furthermore, OWASP classifies its projects as Flagship Projects, Lab Projects, and Incubator Projects.

Top 10 Vulnerabilities

The OWASP Top 10 is a regularly updated report outlining the most important security concerns for web applications. It focuses on the 10 most critical risks. The list was last updated in 2017.

OWASP refers to this report as an awareness document. It recommends that everyone consider this report while developing web applications, so that security risks are minimized.

The OWASP top 10 vulnerabilities are:

  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken Access Control
  • Security Misconfiguration
  • Cross-Site Scripting (XSS)
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Insufficient Logging and Monitoring

We are going to discuss each of these in detail in the upcoming articles. We’ll start with injection attacks in the first part of this series.