Hello and welcome to the OWASP Top 10. The term OWASP refers to The Open Web Application Security Project.

The Open Web Application Security Project is an international organization dedicated to helping organizations conceive, develop, acquire, operate, and maintain applications that can be trusted. The information that OWASP provides is free and is open to anyone that wants to improve application security.

The Open Web Application Security Project is probably most known for its Top 10 list. Their Top 10 list highlights common issues in web applications. This list is designed to help minimize exposure to risks associated with these common issues.

Just to give you a feel for what OWASP is all about, let's look at some of the top issues mentioned in their Top 10 list.

The top security risk on the OWASP Top 10 at the time of this course publication is Injection. Because injection flaws like SQL injections and LDAP injections occur when untrusted data is sent to an interpreter as part of a command or query, you should get into the habit of never trusting any user input. You should also never execute any code that’s built directly from untrusted input.

Broken Authentication takes the number two spot on the OWASP Top 10. This shows up because application functions that are related to authentication and session management are, many times, implemented incorrectly. This allows the bad guys to compromise passwords, keys, and even session tokens.

Number three on the OWASP Top 10 is Sensitive Data Exposure. This shows up because lots of web applications and APIs do a poor job of protecting sensitive data. As a result, hackers can often steal or modify this poorly protected data to commit credit card fraud, identity theft, and other crimes.

XML External Entities comes in at number four on the Top 10 because lots of older and poorly configured XML processors evaluate external entity references within XML documents. This is an issue because external entities can be used to reveal internal files via the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.

Rounding out the top five on the OWASP Top 10 is Broken Access Control. Broken Access Control shows up because restrictions on what authenticated users can and can’t do are, quite often, not properly enforced. These flaws are then exploited to access unauthorized functionality or data.

To ensure a more secure software development environment, organizations should adopt the OWASP Top 10 as part of their development process.

To learn more about the OWASP Top 10, visit the URL that you see on your screen.

Lectures

Course Introduction - Code Quality Defined - Monitoring Code Quality - Reporting on Code Coverage - Security Analysis Tools - DEMO: Configuring SonarCloud in a Pipeline - Course Summary