Appsec person here with a potentially unpopular opinion.<p>I find OWASP guidance generally lags behind latest research by at least a couple of years.<p>All too commonly the projects seem like CV padding pieces that get abandoned and not updated (I re-iterate, not all OWASP projects, just a lot of them).<p>If you are developer who wants to learn more about appsec, I’d recommend checking out pentesterlab.com and working through the exercises there.
The cheat sheet series is the best project at OWASP. I use them almost weekly when I reference vulnerabilities for developers. It's one of the main reasons I have a membership. If you feel the guidance is starting to get stale, take a few minutes to make an update and submit a pull request. I'm sure it will be appreciated.