Official OWASP Top 10 Document Repository
Please log any feedback, comments, or issues here.
We have released the OWASP Top 10 - 2017 (Final)
There are currently four co-leaders for the OWASP Top 10. We meet every Friday at 1 pm US PDT to discuss the project. If you want to join that call, please contact us. It's really not that exciting.
- Andrew van der Stock (twitter: @vanderaj)
- Brian Glas (twitter: @infosecdad)
- Neil Smithline (twitter: @appsecneil)
- Torsten Gigler (twitter: @torsten_tweet)
- Notice => Torsten + Preface of the German version => Thomas and Torsten ✅ 🏳️
- Introduction = Home => Ralf (at the end) ⏳
- How to use the OWASP Top 10 as a standard => Tobias H. ✅🏳️
- How to start an AppSec program with the OWASP Top 10 => Daniel G. ✅🏳️
- About OWASP => Torsten/Thomas ✅🏳️
- Top 10:2021 List
- A01 Broken Access Control => Tobias H. ✅🏳️
- A02 Cryptographic Failures => Jan ✅🏳️
- A03 Injection => Ralf (2017 + XSS 2017) ❓
- A04 Insecure Design => Thomas/Torsten ⏳
- A05 Security Misconfiguration => Florian ✅ 🏳️
- A06 Vulnerable and Outdated Components => Florian ✅🏳️
- A07 Identification and Authentication Failures => Daniel ✅🏳️
- A08 Software and Data Integrity Failures => Tobias H. ✅🏳️
- A09 Security Logging and Monitoring Failures => Tobias H. ✅🏳️
- A10 Server Side Request Forgery (SSRF) => Daniel ✅🏁
- Next Steps => Daniel ✅🏁
- 🏳️: peer review missing
- 🏁: peer review done