Free eBook

The OWASP Top 10, and beyond.

If you are responsible for the development, security, or operation of a web application, becoming familiar with the OWASP Top 10 is a critical step to protecting that app.

We have taken it one step further: OWASP Top 10, and Beyond.

The first three:

A1 | Injection

Injection, the root cause of 71% of web app breaches, is a common class of vulnerability in which insufficiently sanitized input from external sources carries hidden application commands from an attacker. Because the web application does not properly filter that input, the injected commands pass through to either the local system or a dependent one.
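The failure A1 describes, as an added Python example that is not part of the eBook or this page: the same external input reaches a SQL lookup once by string concatenation and once through parameter binding. The `users` table, the lookup functions and the sample input are constructed for illustration.

```python
import sqlite3

# Constructed sample data (not from the eBook): two accounts in an in-memory DB.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn

def lookup_unsafe(conn, name):
    # Vulnerable: the externally supplied value is spliced into the statement
    # text, so any SQL it carries is executed as part of the command.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Hardened: the driver binds the value as data. It can match a row or not,
    # but it can never change the structure of the query.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

# Constructed input that smuggles a command into the WHERE clause.
HOSTILE = "x' OR '1'='1"

def compare(name):
    """Run both lookups on the same input and report how many rows each leaked."""
    conn = make_db()
    unsafe_rows = lookup_unsafe(conn, name)
    safe_rows = lookup_safe(conn, name)
    return len(unsafe_rows), len(safe_rows)

if __name__ == "__main__":
    print("benign  :", compare("alice"))   # (1, 1): both return alice's row
    print("hostile :", compare(HOSTILE))   # (2, 0): only the unsafe path leaks
```

The unsafe path returns every user for the hostile input because the quote closes the literal and the rest becomes part of the command; the bound parameter is compared as an ordinary string and matches nothing.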

A2 | Broken Authentication

Accurately knowing who a user is (authentication) and what they are allowed to do (authorization) are foundational, complementary concepts of security. Authentication mechanisms, typically passwords, are among the most targeted, through phishing, brute force, credential stuffing and other attacks.

A3 | Sensitive Data Exposure

Sensitive data exposure is an information leakage problem. The sensitivity of what is leaked can vary, but divulging any information about how a web application is designed (error messages, file paths, etc.) to an attacker is a bad idea. This kind of information is low-hanging fruit for automated scanners and ripe for exploitation.

What's inside

of the total breaches reported involved attacks on web applications.

of attacks on web applications were financially motivated, perpetrated by organized criminal groups.

of cyber security incidents were web app attacks.

The Open Web Application Security Project