16 OWASP Top 10
This chapter covers
- What OWASP is and does
- How relevant the OWASP Top 10 is
- How the OWASP Top 10 is created
- Which items are part of the OWASP Top 10, and how they relate to the contents of this book
- Other relevant security-related lists of risks
The Open Web Application Security Project (https://owasp.org), OWASP for short, is a nonprofit organization that advocates for web application security. It was founded in September 2001 and has since created a large body of content and offerings:
- Events, locally and globally;
- Cheat sheets for various kinds of attacks, with technology-specific advice;
- Checklists and guidelines for security testing;
- Software such as the OWASP Zed Attack Proxy (ZAP; see chapter 15);
- Training material such as the Juice Shop, an application with many (intentional) security vulnerabilities;
- And much more.
The best-known OWASP project, however, is the OWASP Top 10 list, which this chapter covers alongside several other top ten lists. Not surprisingly, we have covered all aspects of those lists in previous chapters (or at least have good reasons why we didn’t). This chapter therefore serves both as a refresher of many things discussed earlier in this book and as a reiteration of how the threats behind each list item can be mitigated with ASP.NET Core.