OWASP TOP 10

What? Why?

Globally recognized by developers as the first step towards more secure coding.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

Companies should adopt this document and start the process of ensuring that their web applications minimize these risks. Using the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces more secure code.

Evolution

OWASP TOP 2013 vs 2017

Key facts to understand this evolution:

  • JavaScript is the primary language of the web (JS on the client and Node.js on the server).
  • Node.js applications are not only web oriented (Electron, Johnny-Five...).
  • Serverless, JAMstack and cloud are creating new architectures.
  • Microservices are a key player in the ecosystem and bring new security challenges.
  • Single Page Applications (SPA) and Progressive Web Apps (PWA) are key players in frontend architectures.
  • RESTful APIs are far more widespread than SOAP.
  • CI/CD pipelines and agile practices are an attractive entry point for attackers.

Vulnerability list

TL;DR:

We just wanted to refresh and update the OWASP TOP 10 to our day-to-day needs at One Beyond.

We started by forking the current OWASP TOP 10 and added extra content such as examples in Node.js, videos, memes... as well as rewriting some content in order to simplify and clarify it for our stack.

Bender meme says: I'm going to make my own OWASP top 10 with actual vulns

Our list