OWASP Top 10
ELI5 — The Vibe Check
The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked. If your app is safe against these 10, you're way ahead of most. It's updated every few years, and every developer should read it at least once.
Real Talk
The OWASP Top 10 is a regularly updated consensus document listing the most critical web application security risks. The 2021 edition includes: Broken Access Control, Cryptographic Failures, Injection, Insecure Design, Security Misconfiguration, Vulnerable Components, Authentication Failures, Data Integrity Failures, Logging Failures, and SSRF.
When You'll Hear This
"The security audit covered all OWASP Top 10 categories." / "We addressed every OWASP Top 10 issue before launch."
Related Terms
CSRF (CSRF)
CSRF (Cross-Site Request Forgery) is when a bad website hijacks your logged-in session on a good website to do things you didn't ask for.
OWASP (OWASP)
OWASP (Open Web Application Security Project) is the internet's biggest security club.
Penetration Testing
Penetration testing (pentesting) is hiring ethical hackers to try to break into your own systems before the real bad guys do.
SQL Injection
SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.
Vulnerability
A vulnerability is a weakness in your code or system that a bad guy could exploit. Like a broken lock on a door.
XSS (XSS)
XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.