Official OWASP Top 10 Document Repository
Please log any feedback, comments, or issues here.
We have released the OWASP Top 10 - 2017 (Final)
There are currently four co-leaders for the OWASP Top 10. We meet every Friday at 1 pm US PDT to discuss the project. If you want to join that call, please contact us. It's really not that exciting.
- Andrew van der Stock (twitter: @vanderaj)
- Brian Glas (twitter: @infosecdad)
- Neil Smithline (twitter: @appsecneil)
- Torsten Gigler (twitter: @torsten_tweet)
- Notice => Torsten + Foreword to the German version => Thomas and Torsten ✅ 🏁
- Introduction = Home -> Torsten ✅ 🏁
- How to use the OWASP Top 10 as a standard => Tobias H. ✅ 🏁
- How to start an AppSec program with the OWASP Top 10 => Daniel G. ✅ 🏁
- About OWASP => Torsten/Thomas ✅ 🏁
- A01 Broken Access Control => Tobias H. ✅ 🏁
- A02 Cryptographic Failures => Jan ✅ 🏁
- A03 Injection => Jasmin (Injection 2017 + XSS 2017) ✅ 🏁
- A04 Insecure Design => Thomas/Torsten ✅ 🏁
- A05 Security Misconfiguration => Florian ✅ 🏁
- A06 Vulnerable and Outdated Components => Florian ✅ 🏁
- A07 Identification and Authentication Failures => Daniel ✅ 🏁
- A08 Software and Data Integrity Failures => Tobias H. ✅ 🏁
- A09 Security Logging and Monitoring Failures => Tobias H. ✅ 🏁
- A10 Server Side Request Forgery (SSRF) => Daniel ✅ 🏁
- Next Steps => Daniel ✅ 🏁
- 🏳️: Peer review missing
- 🏁: Peer review done.