Receive an overview of the OWASP Group and history of the OWASP Top 10. The goal of the Top 10 project is education and awareness, and the first version was released in 2003.
- [Instructor] OWASP stands for Open Web Application Security Project, and it's a nonprofit organization that's focused on improving software security by providing tools, standards, documents, local chapters, conferences, and mailing lists to the community. The OWASP Foundation was established in 2001 and to date has more than 45,000 volunteer members. OWASP might be best known for a list called the OWASP Top 10.
This is a list of common web application security vulnerability categories, and the intent behind the list is to provide education and awareness for anyone who is involved in developing software. It's basically a "here's what not to do if you don't want to get hacked" primer. There are, of course, many ways to hack and breach applications that go beyond the OWASP Top 10, but the list is a pretty good start. The first version of the OWASP Top 10 was released in 2003.
Since that time, there have been a handful of updates to the list. This course focuses on the OWASP Top 10 2017 Release Candidate 2. To date, the Release Candidate 2 is the most recent version of the OWASP Top 10 in existence. Here's what changed from the 2013 list to the second Release Candidate for 2017. As you can see, a few items stayed the same, while a couple of them merged and a few new ones were added.
This is basically what happens every time the list is updated. The idea is to include some of the most relevant and common web application security vulnerability categories for software teams that are developing applications today.