OWASP is a non-profit foundation dedicated to helping web developers and businesses understand and protect against malicious attacks on web applications and their underlying infrastructure. It regularly updates a very useful list of the top 10 threats.
OWASP
The organisation is a world-renowned collective of leaders who use evidence-based data and extensive experience to advise developers on creating more secure code.
OWASP Top 10
The OWASP Top 10 is regularly updated, so follow the link above to access the latest list. Below is a list of risks commonly found in web applications.
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting
- Insecure Deserialization
- Components with Known Vulnerabilities
- Insufficient Logging
OWASP Cheat Sheets
The cheat sheets help developers quickly assess an application's vulnerabilities, providing an A-Z of risk concepts and their fixes.
OWASP Juice Shop
A fun way to get into white-hat hacking is to attempt to break the Juice Shop, a purpose-built website with a large number of vulnerabilities, each created as a challenge to beat. The aim of beating the Juice Shop is to train developers to create safer websites.