No Exit: The Case for Moving Security Information Front and Center


The Open Web Application Security Project (OWASP) was founded in 2001. This non-profit organization seeks to educate and inform developers on secure development practices, and provides developers with tools to create web applications securely. One of its flagship projects is the Top 10 list of web application security flaws. The goal of the Top 10 list is to raise awareness of vulnerabilities in web applications and to educate developers about how to find and avoid them.

The OWASP Top 10 list is extremely well known; it is impossible to walk through the show floor at a security conference without encountering at least some mention of the Top 10 list. The Top 10 list is cited several times by the PCI Security Standards Council Penetration Testing Guidance and has been used as an acceptance test criterion for contract fulfillment in public procurement.

Read more at SecurityWeek.