OWASP is a non-profit foundation that focuses on enabling people and communities to develop, test, and maintain applications that can be trusted by all.
OWASP maintains the OWASP Top 10 list of web application vulnerability categories, which has become a standard reference for web application testing:
- A1:2017 – Injection
- A2:2017 – Broken Authentication
- A3:2017 – Sensitive Data Exposure
- A4:2017 – XML External Entities (XXE)
- A5:2017 – Broken Access Control
- A6:2017 – Security Misconfiguration
- A7:2017 – Cross-Site Scripting (XSS)
- A8:2017 – Insecure Deserialization
- A9:2017 – Using Components with Known Vulnerabilities
- A10:2017 – Insufficient Logging and Monitoring
For each category, the project provides a breakdown of the vulnerabilities it covers, methods and techniques for discovering them, countermeasures, and best practices to reduce risk.
Furthermore, keep practicing to sharpen your understanding of the OWASP Top 10. The OWASP Broken Web Applications (BWA) project, a collection of deliberately vulnerable applications, will assist you in your journey.
In the next section, we will take a look at understanding the phases of the penetration testing execution standard (PTES).