OWASP

Open Web Application Security Project - a nonprofit foundation that produces guidelines, tools, and resources for improving software security.

Also known as: Open Web Application Security Project

What is OWASP?

OWASP (Open Web Application Security Project) is a nonprofit foundation that works to improve software security. It provides free, open-source tools, resources, and documentation to help organizations build and maintain secure applications.

OWASP Top 10 (Web)

The most critical web security risks:

  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable Components
  7. Authentication Failures
  8. Data Integrity Failures
  9. Logging Failures
  10. SSRF (Server-Side Request Forgery)

OWASP Top 10 for LLMs

AI-specific security risks:

  1. Prompt Injection
  2. Insecure Output Handling
  3. Training Data Poisoning
  4. Model Denial of Service
  5. Supply Chain Vulnerabilities
  6. Sensitive Information Disclosure
  7. Insecure Plugin Design
  8. Excessive Agency
  9. Overreliance
  10. Model Theft

Key OWASP Projects

Tools

  • ZAP (Zed Attack Proxy)
  • Dependency-Check
  • OWASP Amass

Standards

  • ASVS (Application Security Verification Standard)
  • SAMM (Software Assurance Maturity Model)
  • Testing Guide

Cheat Sheets

Security best practices for:

  • Authentication
  • Cryptography
  • Input validation
  • Session management

How to Use OWASP

Developers

  • Follow secure coding guidelines
  • Use OWASP tools in CI/CD
  • Reference cheat sheets

Security Teams

  • Assess against Top 10
  • Use testing methodologies
  • Train on OWASP resources

Organizations

  • Adopt OWASP standards
  • Implement SAMM
  • Support OWASP projects