OWASP is an acronym for Open Web Application Security Project. It is a community project that frequently publishes the top 10 application risks from an awareness perspective. The project establishes a strong foundation to integrate security throughout all the phases of SDLC.
The OWASP Top 10 project essentially application security risks by assessing the top attack vectors and security weaknesses and their relation to technical and business impacts. OWASP also provides specific instructions on how to identify, verify, and remediate each of the vulnerabilities in an application.
Though the OWASP Top 10 project focuses only on the common application vulnerabilities, it does provide extra guidelines exclusively for developers and auditors for effectively managing the security of web applications. These guides can be found at the following locations:
- Latest testing guide: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents
- Developer's guide: www.owasp.org/index.php/Guide
- Secure code review guide: www.owasp.org/index.php/Category:OWASP_Code_Review_Project
The OWASP top 10 list gets revised on a regular basis. The latest top 10 list can be found at: https://www.owasp.org/index.php/Top_10_2017-Top_10.