The OWASP Top Ten List

We’ll spend most of the rest of this book talking about web security vulnerabilities and principles, but just to whet your appetite for what’s to come, let’s start by getting familiar with the OWASP Top Ten List.

One of the most-respected authorities in the field of web application security is the organization OWASP, short for the Open Web Application Security Project. As its name implies, OWASP is an open-source project with the goal of improving web application security. (You can see a screenshot of the OWASP web site,, in Figure 1-3.)


Figure 1-3 The OWASP web site

OWASP is basically a loose ...

Get Web Application Security, A Beginner's Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.