Open Source Foundation for Application Security

The OWASP has been around for a <i>long time</i> and they regularly publish a &quot;Top 10&quot; Web Application Security Risk list. It&#x27;s amazing (or maybe not) how long some of these have been on the list:<p>1) Injection 2) Broken Authentication 3) Sensitive Data Exposure 4) XML External Entities (XXE) 5) Broken Access Control 6) Security Misconfigurations 7) Cross-Site Scripting (XSS) 8) Insecure Deserialization 9) Using Components with Known Vulnerabilities 10) Insufficient Logging &amp; Monitoring<p><a href="https:&#x2F;&#x2F;owasp.org&#x2F;www-project-top-ten&#x2F;" rel="nofollow">https:&#x2F;&#x2F;owasp.org&#x2F;www-project-top-ten&#x2F;</a>

Owasp is not a well known foundation. Party due to the imho good choice to avoid its own certification. Real openness, so Foss software and cc-by licensed docs do not match well with scams to earn large amounts of money with trainings and certifications. Owasp community meet-ups and conferences are great. Since barriers to visit are very low, which make it an inclusive security foundation.

Which has been around since 2001. One of the interesting things about the OWASP Top 10 is how many have hung around, albeit often in somewhat different forms, for a very long time.

In my local University, OWASP is <i>the</i> place the teachers quote when it comes to security related things. For same reason great deal of exam quizzes comes from OWASP catalog.<p>Especially I&#x27;d like to highlight the Cheat Sheet Series in here: <a href="https:&#x2F;&#x2F;cheatsheetseries.owasp.org&#x2F;Glossary.html" rel="nofollow">https:&#x2F;&#x2F;cheatsheetseries.owasp.org&#x2F;Glossary.html</a>

Most developers I speak with are unaware of owasp