OWASP

Introduction to OWASP and Its Impact on Security

What is OWASP

Explore the World of Cyber Security

The project aims to address the growing problem of organizations deploying potentially sensitive APIs as part of their software delivery. These APIs are used to perform internal tasks or interface with third parties, but unfortunately many APIs do not undergo rigorous security testing to protect them from attacks.

Free Security Tools

OWASP Resources and Community

The Open Worldwide Application Security Project (OWASP) is an open community dedicated to helping organizations develop, buy, and maintain trustworthy applications and APIs.

  • Application security tools and standards.
  • A complete book on application security testing, secure code development, and secure code reviews.
  • Presentations and videos.
  • Cheat sheets on many common topics.
  • Standard security controls and libraries.
  • Local chapters around the world.
  • Cutting-edge research.
  • A wide range of conferences around the world.
  • Mailing List (Archive).

What is the OWASP Top 10?

Your Guide to Web Application Security

OWASP (Open Web Application Security Project) is a non-profit foundation focused on improving software security globally. With over 275 chapters worldwide, including OWASP Japan, it drives research, creates guidelines, and develops tools for diagnosing vulnerabilities. The OWASP Top 10, issued every 2–3 years, highlights the most critical web security threats. The latest version, OWASP Top 10 2023, provides a detailed overview of risks and trends.

How the OWASP Top 10 is Rated

  • Likelihood of Exploitability
  • Technical Impact
  • Detectability

* The OWASP Top 10 evaluates vulnerabilities using a structured risk rating methodology to prioritize the most critical threats.


1. API1:2023 Broken Object Level Authorization

Broken object-level authorization leads to sensitive data exposure due to improper access control.

2. API2:2023 Broken Authentication

Broken authentication could lead to unauthorized access to user accounts.

3. API3:2023 Broken Object Property Level Authorization

Broken object property level authorization could lead to unauthorized manipulation of data.

4. API4:2023 Unrestricted Resource Consumption

Unrestricted resource consumption will result in service outages or performance degradation.

5. API5:2023 Broken Function Level Authorization

Broken function level authorization allows unauthorized function execution.

6. API6:2023 Unrestricted Access to Sensitive Business Flows

Unrestricted access to sensitive business flows puts critical business processes at risk.

7. API7:2023 Server Side Request Forgery

Server-side request forgery creates a security vulnerability.

8. API8:2023 Security Misconfiguration

Security misconfigurations expose system vulnerabilities.

9. API9:2023 Improper Inventory Management

Improper inventory management leads to misuse of resources and unauthorized leakage of data.

10. API10:2023 Unsafe Consumption of APIs

Unsafe consumption of APIs can allow unauthorized access to the system.

Summary

Empowering the Security Community Through Open Collaboration

All OWASP tools, documents, videos, presentations, and chapters are free and open to anyone with an interest in improving application security.

We advocate approaching application security as a people, process, and technology challenge because the most effective approach to application security requires improvements in all of these areas.

OWASP is a new kind of organization: free from commercial pressures, and therefore able to provide unbiased, practical, and cost-effective information about application security.

OWASP is not affiliated with any technology company but advocates for the wise use of commercial security technology. OWASP produces many types of materials in a collaborative, transparent, and open manner.

The OWASP Foundation is a nonprofit organization that ensures the long-term success of the project. Most people involved in OWASP, including the OWASP Board, chapter leaders, project leaders, and members, are volunteers. We support innovative security research through grants and infrastructure support.