OWASP is a non-profit foundation that focuses on enabling people and communities to develop, test, and maintain applications that can be trusted by all.
OWASP has created the OWASP Top 10, a list of the most critical web application vulnerability categories, which has become a standard reference for web application testing:
- A1:2017 – Injection
- A2:2017 – Broken Authentication
- A3:2017 – Sensitive Data Exposure
- A4:2017 – XML External Entities (XXE)
- A5:2017 – Broken Access Control
- A6:2017 – Security Misconfiguration
- A7:2017 – Cross-Site Scripting (XSS)
- A8:2017 – Insecure Deserialization
- A9:2017 – Using Components with Known Vulnerabilities
- A10:2017 – Insufficient Logging and Monitoring
Each category provides a detailed breakdown of the vulnerabilities it covers, their discovery methods and techniques, countermeasures, and best practices to reduce risk.
Further information on the OWASP Top 10 Project can be found at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_2017_Project. Additionally, the OWASP Testing Guide can be found at https://www.owasp.org/index.php/OWASP_Testing_Project.
Keep practicing to sharpen your understanding of the OWASP Top 10; the OWASP Broken Web Applications (BWA) project will assist you in your journey.
In the next section, we will take a look at the phases of the Penetration Testing Execution Standard (PTES).