The OWASP Top Ten List

We’ll spend most of the rest of this book talking about web security vulnerabilities and principles, but just to whet your appetite for what’s to come, let’s start by getting familiar with the OWASP Top Ten List.

One of the most-respected authorities in the field of web application security is the organization OWASP, short for the Open Web Application Security Project. As its name implies, OWASP is an open-source project with the goal of improving web application security. (You can see a screenshot of the OWASP web site, www.owasp.org, in Figure 1-3.)

image

Figure 1-3 The OWASP web site www.owasp.org

OWASP is basically a loose ...

Get Web Application Security, A Beginner's Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.