The latest OWASP Top 10 eLearning course is here! Get the first five modules free of charge.


What is the OWASP Top 10?

The OWASP Top 10 is an awareness document for web application security. It represents a broad consensus about the most critical security risks in web applications. This list of vulnerabilities was developed by security experts from around the world. The previous list was released in 2013, and an updated list was just released at the end of 2017.

A primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses. The Top 10 provides basic techniques to protect against these high-risk problem areas and provides guidance on where to go from here.

OWASP urges all companies to adopt this awareness document and to start the process of ensuring that their web applications minimize these risks. Adopting and understanding the OWASP Top 10 is an important step towards changing the software development culture within an organization into one that produces secure code and secure applications by design.

What is OWASP?

The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain applications and APIs that can be trusted.

What are the latest OWASP Top 10 Vulnerabilities?

  1. A1:2017 - Injection
  2. A2:2017 - Broken Authentication
  3. A3:2017 - Sensitive Data Exposure
  4. A4:2017 - XML External Entities (XXE)
  5. A5:2017 - Broken Access Control
  6. A6:2017 - Security Misconfiguration
  7. A7:2017 - Cross-Site Scripting (XSS)
  8. A8:2017 - Insecure Deserialization
  9. A9:2017 - Using Components with Known Vulnerabilities
  10. A10:2017 - Insufficient Logging & Monitoring


How can Security Compass help you?

Security Compass is a leader in helping customers proactively manage cybersecurity risk without slowing down their business. Offering advisory services, training, and SD Elements, a policy-to-procedure platform for security and compliance, Security Compass enables organizations to rapidly and efficiently deliver technology that’s secure by design. Security Compass serves some of the world's largest businesses including seven of the 15 largest financial institutions and four of the 10 largest technology companies in North America. The privately held company is headquartered in Toronto, Canada with global offices in the United States and India.