OWASP Top 10

Get started

Legislative summary
The Open Web Application Security Project (OWASP) Top Ten Project provides a minimum standard for web application security. It lists the top ten most critical web application security vulnerabilities, representing a broad concensus. Project members include a variety of security experts from around the world who have shared their expertise to produce this list. Currently there are versions in English, French, Japanese and Korean, and a Spanish version is in development. You should consider adopting security standards and begin assessing that your web applications do not contain these security flaws. Addressing the OWASP Top Ten is an effective first step towards changing your software development culture into one that produces secure code for your web applications.

More information about the following critical web application security vulnerabilities is on the OWASP website:

• Unvalidated input
• Broken access control
• Broken authentication and session management
• Cross-site scripting (XSS) flaws
• Buffer overflows
• Injection flaws
• Improper error handling
• Insecure storage
• Denial of service
• Insecure configuration management

HP Application Security Center capabilities

• Assess your web applications for vulnerabilities that may result in the disclosure of sensitive or private information
• Verify that web application access to sensitive information is controlled by authentication and authorization
• Identify web application command injection vulnerabilities that may execute malicious code or programs
• Validate that web application inputs are properly validated and not vulnerable to command injection or cross-site scripting attacks
• Check that data communication is encrypted
• Check for vulnerability to denial of service attacks
• Check for improper application error handling
• Get detailed security assessment reports categorized by OWASP sections

Learn more