OWASP (https://owasp.org) is a nonprofit organization that advocates web application security. It was founded in September 2001 and has since created a lot of content and offerings:
- Events, local and global
- Cheat sheets for various kinds of attacks, with technology-specific advice
- Checklists and guidelines for security testing
- Software such as the OWASP Zed Attack Proxy, ZAP (see chapter 15)
- Training material such as the Juice Shop, an application with many (intentional) security vulnerabilities
- And much more

The best-known OWASP project, however, is the OWASP Top 10 list, which we will cover in this chapter, along with other top 10 lists. Not surprisingly, we have covered all aspects of these lists in previous chapters (or, at least, have good reasons why we didn’t). This chapter serves as a refresher on many things we discussed earlier in this book and reiterates how the threats from the list items may be mitigated with ASP.NET Core.